CVE-2018-5819

Advisory lineage Upstream: 0 Downstream: 10

Downstream

DEBIAN-CVE-2018-5819 DLA-1734-1 DLA-2903-1 OPENSUSE-SU-2019:0094-1 OPENSUSE-SU-2024:10980-1 RHBA-2019:2044

Modified

Published: 20 Feb 2019, 18:00

Last modified:17 Sept 2024, 04:29

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v2.0 (nvd)

EPSS Score

0.58% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Feb 2019, 18:00

Published

Vulnerability first disclosed

17 Sept 2024, 04:29

Last Modified

Vulnerability information updated

Description

An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.

CVSS Metrics

v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v2.0•HIGH•Score: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.58%• Percentile: 69%

Techniques & Countermeasures

CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

debian•debian_linux
8.0
flexera software llc•libraw
0.19.0 and earlier
libraw•libraw
< 0.19.1