{"id":"CVE-2017-6890","details":"A boundary error within the \"foveon_load_camf()\" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.","modified":"2026-03-14T09:24:03.325271Z","published":"2017-05-15T18:29:00.263Z","related":["MGASA-2017-0223","SUSE-SU-2017:2300-1","openSUSE-SU-2024:10980-1"],"references":[{"type":"REPORT","url":"https://secuniaresearch.flexerasoftware.com/advisories/75000/"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw-demosaic-pack-gpl2","events":[{"introduced":"0"},{"last_affected":"ffea825e121e92aa780ae587b65f80fc5847637c"},{"fixed":"194f592e205990ea8fce72b6c571c14350aca716"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.18.1"}]}}],"versions":["0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.14.7","0.14.8","0.15.0","0.15.1","0.15.2","0.16.0","0.16.1","0.16.2","0.17.0","0.17.1","0.17.2","0.18.0","0.18.0-Beta1","0.18.0-Beta2","0.18.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6890.json","vanir_signatures":[{"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","target":{"file":"dcraw_foveon.c"},"id":"CVE-2017-6890-b76a6567","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["100850317300044172871758774077954143283","183165565249248235104004237473157430537","83649381162801328157103007422383945962","47514154183160630857492948049019842349","37475012982426722331624000442743187628","158946633314018727684819495445952872936","169360082881815744821892637527684042066","297389860160314791543952754442543041809","196569000861448789229074069099911561455","46361378511996670452354581310182194654","25993550731896664825248406918372402297","67138032242703886184429388320837250614"]},"deprecated":false},{"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","target":{"file":"dcraw_foveon.c","function":"foveon_load_camf"},"id":"CVE-2017-6890-d6e82664","signature_type":"Function","signature_version":"v1","digest":{"function_hash":"91891604155324030583620799763965924127","length":1267},"deprecated":false},{"source":"https://github.com/libraw/libraw-demosaic-pack-gpl2/commit/194f592e205990ea8fce72b6c571c14350aca716","target":{"file":"dcraw_foveon.c","function":"foveon_dp_load_raw"},"id":"CVE-2017-6890-e65cd3bb","signature_type":"Function","signature_version":"v1","digest":{"function_hash":"2862206903275483430271369263106098319","length":766},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}