{"id":"CVE-2018-5813","details":"An error within the \"parse_minolta()\" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.","modified":"2026-04-11T14:11:05.839468Z","published":"2018-12-07T22:29:01.520Z","related":["SUSE-SU-2018:3343-1","SUSE-SU-2019:0005-1","openSUSE-SU-2019:0008-1","openSUSE-SU-2024:10980-1"],"references":[{"type":"ADVISORY","url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3838-1/"},{"type":"ADVISORY","url":"https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"},{"type":"REPORT","url":"https://secuniaresearch.flexerasoftware.com/advisories/83050/"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/e47384546b43d0fd536e933249047bc397a4d88b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"fixed":"b90e0d44e0cfce3bf71861185754d6c67aa7598e"},{"fixed":"e47384546b43d0fd536e933249047bc397a4d88b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.18.11"}]}}],"versions":["0.12.0","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.15.0","0.16.0","0.17.0","0.18.0","0.18.1","0.18.10","0.18.2","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.18.9"],"database_specific":{"vanir_signatures_modified":"2026-04-11T14:11:05Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5813.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"vanir_signatures":[{"deprecated":false,"id":"CVE-2018-5813-2f06c7a3","digest":{"threshold":0.9,"line_hashes":["138481034920068687057640270736735149783","155008637328667895771217093114123597413","202468380364842969293143948639227716452","43362345418300741757744580791995773669","93498740150145970412707948942946017657","43849796945480050784384972864088438034","69979759779499482055485378711069337766","81314346554430816809408695689807658024","326138784518238356426912359781180545145"]},"source":"https://github.com/libraw/libraw/commit/e47384546b43d0fd536e933249047bc397a4d88b","signature_type":"Line","signature_version":"v1","target":{"file":"internal/dcraw_common.cpp"}},{"deprecated":false,"id":"CVE-2018-5813-a26917b4","digest":{"threshold":0.9,"line_hashes":["138481034920068687057640270736735149783","155008637328667895771217093114123597413","202468380364842969293143948639227716452","43362345418300741757744580791995773669","93498740150145970412707948942946017657","43849796945480050784384972864088438034","69979759779499482055485378711069337766","81314346554430816809408695689807658024","326138784518238356426912359781180545145"]},"source":"https://github.com/libraw/libraw/commit/e47384546b43d0fd536e933249047bc397a4d88b","signature_type":"Line","signature_version":"v1","target":{"file":"dcraw/dcraw.c"}},{"deprecated":false,"id":"CVE-2018-5813-a456f537","digest":{"function_hash":"336648434298068837655732362148006286611","length":3854},"source":"https://github.com/libraw/libraw/commit/e47384546b43d0fd536e933249047bc397a4d88b","signature_type":"Function","signature_version":"v1","target":{"file":"internal/dcraw_common.cpp","function":"parse_minolta"}},{"deprecated":false,"id":"CVE-2018-5813-df5e2481","digest":{"function_hash":"336648434298068837655732362148006286611","length":3854},"source":"https://github.com/libraw/libraw/commit/e47384546b43d0fd536e933249047bc397a4d88b","signature_type":"Function","signature_version":"v1","target":{"file":"dcraw/dcraw.c","function":"parse_minolta"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}