{"id":"CVE-2018-10528","details":"An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.","modified":"2026-04-11T06:58:32.891831Z","published":"2018-04-29T03:29:00.310Z","related":["openSUSE-SU-2024:10980-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3639-1/"},{"type":"ADVISORY","url":"https://github.com/LibRaw/LibRaw/issues/144"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"last_affected":"87144aa9bb7325b09965b183fa58f957a9a4e4fd"},{"fixed":"efd8cfabb93fd0396266a7607069901657c082e3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.18.9"}]}}],"versions":["0.12.0","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.15.0","0.16.0","0.17.0","0.18.0","0.18.1","0.18.2","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.18.9"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","digest":{"length":204,"function_hash":"252336533857689643885418014743752931165"},"id":"CVE-2018-10528-109dd588","deprecated":false,"target":{"function":"utf2char","file":"src/libraw_cxx.cpp"},"source":"https://github.com/libraw/libraw/commit/efd8cfabb93fd0396266a7607069901657c082e3"},{"signature_version":"v1","signature_type":"Function","digest":{"length":5429,"function_hash":"67370514212402055096699002759909826972"},"id":"CVE-2018-10528-4aaec1c0","deprecated":false,"target":{"function":"LibRaw::parse_x3f","file":"src/libraw_cxx.cpp"},"source":"https://github.com/libraw/libraw/commit/efd8cfabb93fd0396266a7607069901657c082e3"},{"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["154890432160439294006430619712520052245","138986028489103972689014037731769997393","103099074472438459681567086872941143178","12455845976305421023743675851513522855","8536276503149737419853247581135011742","334169772272254958991513935062430038027","55023915806102155922583115239082328038","253565321359962370225994169901000094482","299264130701775429199092333659680755680","95466403734629571529776646325624195481","248727732483071687414452209806770728484","259059947503145621007055758932539717903","268489085269868056506827985562763529183","88460514338855426367820464401841263514","307498728798500769076404506513026651202","297536214377360789117078215482225662086","54328197893581282840175486322468253411","17621035509924748660311649333895136878"]},"id":"CVE-2018-10528-731e6467","deprecated":false,"target":{"file":"src/libraw_cxx.cpp"},"source":"https://github.com/libraw/libraw/commit/efd8cfabb93fd0396266a7607069901657c082e3"}],"vanir_signatures_modified":"2026-04-11T06:58:32Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10528.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}