{"id":"CVE-2017-6886","details":"An error within the \"parse_tiff_ifd()\" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.","modified":"2026-04-16T06:19:29.729002549Z","published":"2017-05-16T16:29:00.220Z","related":["SUSE-SU-2017:2300-1","openSUSE-SU-2024:10980-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3950"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98605"},{"type":"REPORT","url":"https://secuniaresearch.flexerasoftware.com/advisories/75737/"},{"type":"REPORT","url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2017-5/"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"last_affected":"f4e199a14566f511d1d3d5ad839fef5f4eb906ff"},{"fixed":"d7c3d2cb460be10a3ea7b32e9443a83c243b2251"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.18.1"}]}}],"versions":["0.12.0","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.15.0","0.16.0","0.17.0","0.18.0","0.18.1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["330483907310885657851638621784502241594","98297358945102826810003107118541587412","13538086109817097211732976274570932189","140070819662391359961719678473990694994","40273550911795736478718628460633290601","242256858762420658105829523284864040693","157899024790148287550800316389812572087","222565264877867960609186580260913843692","40686553183327440519215951091695956570","230815494714399470105896906696210971826","201572566780869375995244731736247661949","145021184640497432325317046080675481440"],"threshold":0.9},"signature_type":"Line","target":{"file":"internal/dcraw_common.cpp"},"id":"CVE-2017-6886-07f0dd62","source":"https://github.com/libraw/libraw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251"},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"223952729540945911801236471202363549232","length":836},"signature_type":"Function","target":{"function":"parse_jpeg","file":"dcraw/dcraw.c"},"id":"CVE-2017-6886-345db300","source":"https://github.com/libraw/libraw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251"},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["330483907310885657851638621784502241594","98297358945102826810003107118541587412","13538086109817097211732976274570932189","140070819662391359961719678473990694994","40273550911795736478718628460633290601","242256858762420658105829523284864040693","157899024790148287550800316389812572087","222565264877867960609186580260913843692","40686553183327440519215951091695956570","230815494714399470105896906696210971826","201572566780869375995244731736247661949","145021184640497432325317046080675481440"],"threshold":0.9},"signature_type":"Line","target":{"file":"dcraw/dcraw.c"},"id":"CVE-2017-6886-3bf7c58f","source":"https://github.com/libraw/libraw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251"},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"270558865765251762118260754155532321526","length":31716},"signature_type":"Function","target":{"function":"parse_tiff_ifd","file":"dcraw/dcraw.c"},"id":"CVE-2017-6886-62aafd68","source":"https://github.com/libraw/libraw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251"},{"target":{"function":"parse_jpeg","file":"internal/dcraw_common.cpp"},"deprecated":false,"digest":{"function_hash":"223952729540945911801236471202363549232","length":836},"signature_type":"Function","signature_version":"v1","id":"CVE-2017-6886-70b33685","source":"https://github.com/libraw/libraw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251"},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"270558865765251762118260754155532321526","length":31716},"signature_type":"Function","target":{"function":"parse_tiff_ifd","file":"internal/dcraw_common.cpp"},"id":"CVE-2017-6886-78c14c72","source":"https://github.com/libraw/libraw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251"}],"vanir_signatures_modified":"2026-04-11T04:14:40Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6886.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}