Candidate: CVE-2018-19655
PublicDate: 2018-11-29 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19655
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529
Description:
 A stack-based buffer overflow in the find_green() function of dcraw through
 9.28, as used in ufraw-batch and many other products, may allow a remote
 attacker to cause a control-flow hijack, denial-of-service, or unspecified
 other impact via a maliciously crafted raw photo file.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_dcraw:
upstream_dcraw: released (9.28-2)
precise/esm_dcraw: DNE
trusty_dcraw: ignored (reached end-of-life)
trusty/esm_dcraw: DNE (trusty was needs-triage)
xenial_dcraw: ignored (end of standard support, was needs-triage)
bionic_dcraw: needs-triage
cosmic_dcraw: released (9.28-2)
disco_dcraw: released (9.28-2)
eoan_dcraw: released (9.28-2)
focal_dcraw: released (9.28-2)
groovy_dcraw: released (9.28-2)
hirsute_dcraw: released (9.28-2)
impish_dcraw: released (9.28-2)
jammy_dcraw: released (9.28-2)
devel_dcraw: released (9.28-2)

Patches_ufraw:
upstream_ufraw: released (0.22-3.1)
precise/esm_ufraw: DNE
trusty_ufraw: ignored (reached end-of-life)
trusty/esm_ufraw: DNE (trusty was needed)
xenial_ufraw: ignored (end of standard support, was needed)
bionic_ufraw: released (0.22-3.1~build0.18.04.1)
cosmic_ufraw: released (0.22-3.1~build0.18.14.1)
disco_ufraw: not-affected (0.22-3.1)
eoan_ufraw: DNE
focal_ufraw: DNE
groovy_ufraw: DNE
hirsute_ufraw: DNE
impish_ufraw: DNE
jammy_ufraw: DNE
devel_ufraw: DNE