{"id":"USN-7266-1","summary":"digikam vulnerabilities","details":"Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in\ndigiKam, did not correctly parse certain files. An attacker could possibly\nuse this issue to execute arbitrary code. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2017-0691)\n\nIt was discovered that Platinum Upnp SDK, vendored in digiKam, was\nvulnerable to a path traversal attack. An attacker could possibly use this\nissue to leak sensitive information. This issue only affected \nUbuntu 20.04 LTS. (CVE-2020-19858)\n\nIt was discovered that LibRaw, vendored in digiKam, did not correctly\nhandle certain memory operations. If a user or automated system were\ntricked into opening a specially crafted file, an attacker could possibly\nuse this issue to leak sensitive information. This issue only affected\nUbuntu 20.04 LTS. (CVE-2020-22628)\n\nIt was discovered that LibRaw, vendored in digiKam, did not correctly\nhandle certain memory operations. If a user or automated system were\ntricked into opening a specially crafted file, an attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35530,\nCVE-2020-35531, CVE-2020-35532, CVE-2020-35533)\n\nIt was discovered that LibRaw, vendored in digiKam, did not correctly\nhandle certain memory operations. If a user or automated system were\ntricked into opening a specially crafted file, an attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary code.\nThis issue only affected Ubuntu 20.04 LTS. (CVE-2021-32142)\n\nIt was discovered that LibRaw, vendored in digiKam, did not correctly\nhandle certain memory operations. If a user or automated system were\ntricked into opening a specially crafted file, an attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary code.\nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2023-1729)\n","modified":"2026-04-27T17:47:15.422932590Z","published":"2025-02-13T03:28:13Z","related":["UBUNTU-CVE-2017-0691","UBUNTU-CVE-2020-19858","UBUNTU-CVE-2020-22628","UBUNTU-CVE-2020-35530","UBUNTU-CVE-2020-35531","UBUNTU-CVE-2020-35532","UBUNTU-CVE-2020-35533","UBUNTU-CVE-2021-32142","UBUNTU-CVE-2023-1729"],"upstream":["CVE-2017-0691","CVE-2020-19858","CVE-2020-22628","CVE-2020-35530","CVE-2020-35531","CVE-2020-35532","CVE-2020-35533","CVE-2021-32142","CVE-2023-1729","UBUNTU-CVE-2017-0691","UBUNTU-CVE-2020-19858","UBUNTU-CVE-2020-22628","UBUNTU-CVE-2020-35530","UBUNTU-CVE-2020-35531","UBUNTU-CVE-2020-35532","UBUNTU-CVE-2020-35533","UBUNTU-CVE-2021-32142","UBUNTU-CVE-2023-1729"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7266-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-0691"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-19858"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-22628"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-35530"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-35531"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-35532"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-35533"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32142"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1729"}],"affected":[{"package":{"name":"digikam","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/digikam@4:4.12.0-0ubuntu7+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.12.0-0ubuntu7+esm1"}]}],"versions":["4:4.12.0-0ubuntu5","4:4.12.0-0ubuntu6","4:4.12.0-0ubuntu7"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"digikam","binary_version":"4:4.12.0-0ubuntu7+esm1"},{"binary_name":"digikam-data","binary_version":"4:4.12.0-0ubuntu7+esm1"},{"binary_name":"kipi-plugins","binary_version":"4:4.12.0-0ubuntu7+esm1"},{"binary_name":"kipi-plugins-common","binary_version":"4:4.12.0-0ubuntu7+esm1"},{"binary_name":"libkvkontakte1","binary_version":"1.0~digikam4.12.0-0ubuntu7+esm1"},{"binary_name":"libmediawiki1","binary_version":"1.0~digikam4.12.0-0ubuntu7+esm1"},{"binary_name":"showfoto","binary_version":"4:4.12.0-0ubuntu7+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-0691"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7266-1.json"}},{"package":{"name":"digikam","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/digikam@4:5.6.0-0ubuntu10+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:5.6.0-0ubuntu10+esm1"}]}],"versions":["4:5.6.0-0ubuntu2","4:5.6.0-0ubuntu3","4:5.6.0-0ubuntu4","4:5.6.0-0ubuntu7","4:5.6.0-0ubuntu8","4:5.6.0-0ubuntu9","4:5.6.0-0ubuntu10"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"digikam","binary_version":"4:5.6.0-0ubuntu10+esm1"},{"binary_name":"digikam-data","binary_version":"4:5.6.0-0ubuntu10+esm1"},{"binary_name":"digikam-private-libs","binary_version":"4:5.6.0-0ubuntu10+esm1"},{"binary_name":"kipi-plugins","binary_version":"4:5.6.0-0ubuntu10+esm1"},{"binary_name":"kipi-plugins-common","binary_version":"4:5.6.0-0ubuntu10+esm1"},{"binary_name":"showfoto","binary_version":"4:5.6.0-0ubuntu10+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-0691"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-35530"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-35531"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-35532"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-35533"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-1729"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7266-1.json"}},{"package":{"name":"digikam","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/digikam@4:6.4.0+dfsg-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:6.4.0+dfsg-3ubuntu0.1~esm1"}]}],"versions":["4:5.9.0-1ubuntu4","4:6.4.0+dfsg-3","4:6.4.0+dfsg-3build1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"digikam","binary_version":"4:6.4.0+dfsg-3ubuntu0.1~esm1"},{"binary_name":"digikam-data","binary_version":"4:6.4.0+dfsg-3ubuntu0.1~esm1"},{"binary_name":"digikam-private-libs","binary_version":"4:6.4.0+dfsg-3ubuntu0.1~esm1"},{"binary_name":"showfoto","binary_version":"4:6.4.0+dfsg-3ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-0691"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-19858"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-22628"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-35530"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-35531"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-35532"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-35533"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2021-32142"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-1729"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7266-1.json"}},{"package":{"name":"digikam","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/digikam@4:7.5.0-3ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:7.5.0-3ubuntu0.1~esm1"}]}],"versions":["4:7.1.0-2","4:7.1.0-2ubuntu1","4:7.4.0-0ubuntu1","4:7.5.0-0ubuntu1","4:7.5.0-3fakesync1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"digikam","binary_version":"4:7.5.0-3ubuntu0.1~esm1"},{"binary_name":"digikam-data","binary_version":"4:7.5.0-3ubuntu0.1~esm1"},{"binary_name":"digikam-private-libs","binary_version":"4:7.5.0-3ubuntu0.1~esm1"},{"binary_name":"showfoto","binary_version":"4:7.5.0-3ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-1729"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7266-1.json"}}],"schema_version":"1.7.5"}