{"id":"CVE-2017-6889","details":"An integer overflow error within the \"foveon_load_camf()\" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.","modified":"2026-04-16T06:15:54.961914080Z","published":"2017-05-15T18:29:00.200Z","related":["SUSE-SU-2017:2300-1"],"references":[{"type":"REPORT","url":"https://secuniaresearch.flexerasoftware.com/advisories/75000/"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw-demosaic-pack-gpl2","events":[{"introduced":"0"},{"last_affected":"ffea825e121e92aa780ae587b65f80fc5847637c"},{"fixed":"194f592e205990ea8fce72b6c571c14350aca716"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.18.1"}]}}],"versions":["0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.14.7","0.14.8","0.15.0","0.15.1","0.15.2","0.16.0","0.16.1","0.16.2","0.17.0","0.17.1","0.17.2","0.18.0","0.18.0-Beta1","0.18.0-Beta2","0.18.1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:14:41Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6889.json","vanir_signatures":[{"deprecated":false,"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","target":{"file":"dcraw_foveon.c"},"digest":{"threshold":0.9,"line_hashes":["100850317300044172871758774077954143283","183165565249248235104004237473157430537","83649381162801328157103007422383945962","47514154183160630857492948049019842349","37475012982426722331624000442743187628","158946633314018727684819495445952872936","169360082881815744821892637527684042066","297389860160314791543952754442543041809","196569000861448789229074069099911561455","46361378511996670452354581310182194654","25993550731896664825248406918372402297","67138032242703886184429388320837250614"]},"signature_version":"v1","signature_type":"Line","id":"CVE-2017-6889-b76a6567"},{"digest":{"function_hash":"91891604155324030583620799763965924127","length":1267},"deprecated":false,"target":{"file":"dcraw_foveon.c","function":"foveon_load_camf"},"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","signature_version":"v1","signature_type":"Function","id":"CVE-2017-6889-d6e82664"},{"deprecated":false,"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","target":{"file":"dcraw_foveon.c","function":"foveon_dp_load_raw"},"digest":{"function_hash":"2862206903275483430271369263106098319","length":766},"signature_version":"v1","signature_type":"Function","id":"CVE-2017-6889-e65cd3bb"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}