{"id":"CVE-2018-10529","details":"An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.","modified":"2026-04-11T06:58:34.490285Z","published":"2018-04-29T03:29:00.373Z","related":["openSUSE-SU-2024:10980-1"],"references":[{"type":"ADVISORY","url":"https://github.com/LibRaw/LibRaw/issues/144"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3639-1/"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"last_affected":"87144aa9bb7325b09965b183fa58f957a9a4e4fd"},{"fixed":"f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.18.9"}]}}],"versions":["0.12.0","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.15.0","0.16.0","0.17.0","0.18.0","0.18.1","0.18.2","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.18.9"],"database_specific":{"vanir_signatures_modified":"2026-04-11T06:58:34Z","vanir_signatures":[{"signature_type":"Line","signature_version":"v1","id":"CVE-2018-10529-591e5ed5","deprecated":false,"digest":{"line_hashes":["240862160085993003600434182227685094653","158369060048286771248314680748371968292","97113461682042654376990464299999966361","29261631343733417072971860717578375845","339885308485634563600554458416818826136","323078013577982571728615220657221385471","86076383069500532027485707454034209862","316243266872512009550079486404996310428","85204445983169512942768942995382567613","139827416562017523666777119347415400117","226114661174059044347940110295779940323","312707862860971573665707848943754494193","318251517465902680941429029892041577448","151795081915003604379575167857052292848","268917060250854548848580387657766368198","269284681623973029004809318799018363969","130129417217373137053532091335928812102","142969646364091941053311453222596374645","10368222683834136076767704468247342142","132374683003806414528497221874129881729","114315440959363075544748912500113590470","66233697662997032906485154722264734887","1198970710821988405490492171003412062","151718378019123133221266697796754342604","63896756124240935624391526338574354195","137157358283057484190149570639629929674"],"threshold":0.9},"target":{"file":"internal/libraw_x3f.cpp"},"source":"https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c"},{"signature_type":"Function","signature_version":"v1","id":"CVE-2018-10529-71aa6d57","deprecated":false,"digest":{"length":5561,"function_hash":"139078084317845080823012408604288713066"},"target":{"function":"LibRaw::parse_x3f","file":"src/libraw_cxx.cpp"},"source":"https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c"},{"signature_type":"Function","signature_version":"v1","id":"CVE-2018-10529-8336e6d9","deprecated":false,"digest":{"length":674,"function_hash":"116446325389743313282843666121866560994"},"target":{"function":"x3f_load_property_list","file":"internal/libraw_x3f.cpp"},"source":"https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c"},{"signature_type":"Function","signature_version":"v1","id":"CVE-2018-10529-95a0eb2e","deprecated":false,"digest":{"length":1474,"function_hash":"214791853866619832009050408861689491417"},"target":{"function":"x3f_delete","file":"internal/libraw_x3f.cpp"},"source":"https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c"},{"signature_type":"Line","signature_version":"v1","id":"CVE-2018-10529-a31cfece","deprecated":false,"digest":{"line_hashes":["40818646843373079837247003281549386162","256221859826004224259744393469590061204","49067652593416517873450475657797997025","150902004042096981754329473733521661398","36172164629433102534438106320777277653","72217831412331383429054205047958677060","124201910794061763184229475466790558399","208361473963240830842824678370307248197","206479895672243440599142812359499313896","117690676383352947772199214911752666272","318651842328511367245984644084605261777","212450244810660430944116050595376638016","122513729897260850221728284977472669624"],"threshold":0.9},"target":{"file":"src/libraw_cxx.cpp"},"source":"https://github.com/libraw/libraw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10529.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}