CVE-2017-6889

CVSS v3 base score: 9.8 CRITICAL

📋 TL;DR

This vulnerability in LibRaw-demosaic-pack-GPL2 is an integer overflow in foveon_load_camf() (dcraw_foveon.c), the routine that loads the CAMF metadata block of Sigma Foveon X3F files. The miscomputed size leads to a heap-based buffer overflow when a crafted file is decoded. The result is at least a crash of the decoding process and, if the overflow can be steered, code execution with that process's privileges. Affected are applications whose LibRaw was built with a GPL2 demosaic pack older than 0.18.2 and that accept Foveon RAW input.

💻 Affected Systems

Products:
  • LibRaw-demosaic-pack-GPL2
Versions: All versions before 0.18.2
Operating Systems: Linux, Windows, macOS, BSD (any platform LibRaw builds on)
Default Config Vulnerable: ⚠️ Yes, once the pack is compiled in. LibRaw itself does not include the GPL2 pack unless the build is explicitly configured to.
Notes: Any application whose LibRaw build includes this pack and that decodes Foveon (Sigma X3F) RAW images is affected. The pack is compiled into libraw rather than loaded at runtime, so the version that matters is the one present when LibRaw was built.

📦 What is this software?

LibRaw is an open-source C++ library, derived from dcraw, for decoding camera RAW files; it is embedded in many image viewers, converters, thumbnailers and photo-management tools. LibRaw-demosaic-pack-GPL2 is an optional add-on containing GPL2-licensed demosaicing code from dcraw, including the decoder for Sigma's Foveon X3 sensor (X3F files). Because its GPL2 licence would put the combined library under GPL2, it ships separately and is compiled into LibRaw only when a build opts in to it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker-controlled code execution in the process that decodes the image. When that process is a privileged or long-running service (a thumbnailer, an image-conversion worker, a mail or upload pipeline), this can mean full compromise of the host.

🟠

Likely Case

Crash of the decoding process (denial of service). Turning the heap overflow into code execution requires heap grooming against a specific build, so opportunistic attacks are more likely to crash the decoder than to gain control of it.

🟢

If Mitigated

Crash only, contained to the decoding process, where the decoder runs as a sandboxed, short-lived, unprivileged worker. ASLR and DEP raise the cost of exploitation but do not by themselves turn a heap overflow into a guaranteed crash; process isolation is what bounds the impact.

🌐 Internet-Facing: MEDIUM - Any service that accepts user-supplied images and hands them to a LibRaw build containing the pack (upload thumbnailers, conversion APIs) can be reached without authentication.
🏢 Internal Only: LOW - Typically requires a user to open a malicious image file, or an internal pipeline that decodes files from an untrusted source.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires getting a crafted Foveon (X3F) RAW file decoded by a LibRaw build that includes the GPL2 pack. LibRaw is widely embedded, but the GPL2 pack is an opt-in build component, so many distribution builds never contained the Foveon code at all; the exposure depends on how LibRaw was built, not only on its version.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.18.2 and later

Fix commit (vendor): https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716

Restart Required: Yes

Instructions:

1. Update the LibRaw-demosaic-pack-GPL2 sources to 0.18.2 or later (the commit above).
2. Rebuild LibRaw itself with the updated pack. The pack is compiled into libraw, so replacing the pack directory changes nothing until LibRaw is rebuilt.
3. Relink or reinstall applications that embed or statically link LibRaw; dynamically linked applications pick up the new shared object.
4. Restart affected services or applications so the old library is no longer mapped.

🔧 Temporary Workarounds

Disable Foveon image processing (platforms: all)

Configure applications to reject or skip Foveon camera RAW images (Sigma .X3F files). LibRaw identifies these files by the four-byte "FOVb" signature at offset 0, not by the file name, so filter on content rather than extension alone. Where Foveon support is not needed, rebuild LibRaw without the GPL2 demosaic pack, which removes the vulnerable code path entirely.

Input validation (platforms: all)

Implement strict file type validation (signature-based) and size limits for image uploads, and decode only the formats your application actually needs.
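The following added example (not LibRaw project code) shows the workaround above as a pre-decoding gate: it refuses any file whose first four bytes are the X3F signature "FOVb", regardless of extension, and treats the .x3f extension as a secondary, defence-in-depth check. The upload and quarantine directory layout in the usage section is an assumption for the example.

```shell
#!/bin/sh
# Added example: gate files before they reach a LibRaw build that includes
# the GPL2 demosaic pack. LibRaw/dcraw dispatch to the Foveon parser on the
# 4-byte signature "FOVb" at offset 0, not on the file name, so the check
# must read the header. Directory paths below are assumptions.

# is_foveon_x3f FILE: exit 0 if the first four bytes are "FOVb".
is_foveon_x3f() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null)
    [ "$magic" = "FOVb" ]
}

# has_x3f_extension FILE: case-insensitive extension check. Defence in depth
# only: a renamed file still carries the signature and is still decoded.
has_x3f_extension() {
    case "$1" in
        *.[xX]3[fF]) return 0 ;;
        *) return 1 ;;
    esac
}

# admit_for_raw_decoding FILE: exit 0 if FILE may be handed to LibRaw,
# 1 if it must be rejected as Foveon input, 2 if it cannot be read.
admit_for_raw_decoding() {
    f="$1"
    [ -r "$f" ] || return 2
    if is_foveon_x3f "$f" || has_x3f_extension "$f"; then
        return 1
    fi
    return 0
}

# Quarantine loop for an upload directory (assumed layout).
# Usage: sh foveon_gate.sh /srv/uploads/incoming /srv/uploads/quarantine
if [ "$#" -eq 2 ]; then
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ -r "$f" ] || { echo "skip   $f (unreadable)"; continue; }
        if admit_for_raw_decoding "$f"; then
            echo "pass   $f"
        else
            echo "reject $f (Foveon/X3F input)"
            mv -- "$f" "$2"/
        fi
    done
fi
```

Run it from a cron job or as a pre-processing step in the upload pipeline, before anything calls LibRaw. A file renamed to .jpg but starting with "FOVb" is rejected, which is the case an extension-only filter misses.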

🧯 If You Can't Patch

  • Rebuild LibRaw without the GPL2 demosaic pack if Foveon support is not needed; this removes the vulnerable code path entirely
  • Restrict image uploads to the formats you actually process, validating by file signature rather than by extension
  • Run decoders as unprivileged, short-lived workers in a sandbox (seccomp, container or equivalent) with ASLR and DEP enabled, so a crash or exploit is confined to the worker

🔍 How to Verify

Check if Vulnerable:

Two facts are needed: the LibRaw version, and whether that LibRaw was built with the GPL2 demosaic pack. A LibRaw below 0.18.2 that was built without the pack contains no Foveon code and is not affected by this issue.

Check Version:

On Linux: pkg-config --modversion libraw, or dpkg -l | grep -i libraw / rpm -qa | grep -i libraw for the packaged version. Programmatically, LibRaw::version() (libraw_version() from C) returns the version string, and LibRaw::capabilities() (libraw_capabilities()) sets LIBRAW_CAPS_DEMOSAICSGPL2 when the pack was compiled in. On a shared object, the pack's presence shows up as the exported method LibRaw::foveon_load_camf.

Verify Fix Applied:

Confirm the version reported by the library actually in use is 0.18.2 or higher, and that the rebuilt libraw is the one loaded: applications that bundle their own copy or link LibRaw statically keep the old code until they are rebuilt or reinstalled.
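As an added example (not LibRaw project code), the script below turns the verification steps above into checks a practitioner can run: a numeric dotted-version comparison against 0.18.2, a symbol check for the Foveon loader in a libraw shared object, and a Linux-only wrapper that ties the two together. It assumes pkg-config, ldconfig and GNU binutils (nm) are present; the file name libraw_check.sh is an assumption.

```shell
#!/bin/sh
# Added example: decide whether an installed LibRaw, and the GPL2 demosaic
# pack it may have been built with, predate the 0.18.2 fix.
FIXED_VERSION="0.18.2"

# version_lt A B: exit 0 if dotted version A sorts numerically before B.
# Handles differing component counts ("0.18" < "0.18.2") and a trailing
# tag such as "0.18.2-Release", the form LibRaw::version() returns.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        if [ "$a" = "$x" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$y" ]; then b=""; else b="${b#*.}"; fi
        x="${x%%[!0-9]*}"; y="${y%%[!0-9]*}"   # drop "-Release" style suffixes
        x="${x:-0}"; y="${y:-0}"
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# is_vulnerable_version V: exit 0 if V is below 0.18.2.
is_vulnerable_version() {
    version_lt "$1" "$FIXED_VERSION"
}

# has_foveon_code LIB: exit 0 if the shared object exports LibRaw's Foveon
# loader, i.e. it was built with the GPL2 demosaic pack. The mangled symbol
# (_ZN6LibRaw16foveon_load_camfEv) contains the plain method name, so no
# demangler is needed. A miss can also mean stripped or hidden symbols.
has_foveon_code() {
    nm -D --defined-only "$1" 2>/dev/null | grep -q 'foveon_load_camf'
}

# check_installed_libraw: Linux-only wrapper (assumes pkg-config, ldconfig,
# binutils). Exit 0 = not affected, 1 = affected, 2 = could not determine.
check_installed_libraw() {
    ver=$(pkg-config --modversion libraw 2>/dev/null) || {
        echo "libraw not found via pkg-config"; return 2; }
    lib=$(ldconfig -p 2>/dev/null | awk '/libraw\.so/ { print $NF; exit }')
    if [ -z "$lib" ]; then
        echo "libraw $ver: shared object not found in ldconfig cache"; return 2
    fi
    if ! has_foveon_code "$lib"; then
        echo "libraw $ver ($lib): no Foveon code exported (pack not built in, or symbols hidden)"
        return 0
    fi
    if is_vulnerable_version "$ver"; then
        echo "libraw $ver ($lib): Foveon code present and version < $FIXED_VERSION: AFFECTED"
        return 1
    fi
    echo "libraw $ver ($lib): Foveon code present, version >= $FIXED_VERSION: patched"
    return 0
}

# Usage: sh libraw_check.sh --installed   -> inspect the installed library
#        sh libraw_check.sh 0.18.1        -> classify a version string
case "${1:-}" in
    "") ;;                                # no argument: only define functions
    --installed) check_installed_libraw ;;
    *) if is_vulnerable_version "$1"; then echo "$1: affected"
       else echo "$1: not affected"; fi ;;
esac
```

The numeric comparison matters because a plain string comparison ranks "0.9" after "0.18". The symbol check is what distinguishes a LibRaw that merely has an old version number from one that actually carries the vulnerable Foveon code; for bundled or statically linked copies, point has_foveon_code at the application's own binary instead.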

📡 Detection & Monitoring

Log Indicators:

  • Crashes (SIGSEGV, SIGABRT, heap-corruption aborts) in processes that decode images, clustered around the handling of particular files
  • Memory access violation errors in application logs immediately after a RAW or .x3f file was opened

Network Indicators:

  • Uploads of Sigma .x3f files, or files whose content starts with "FOVb", to endpoints that do not normally receive Foveon RAW input
  • Repeated submissions of slightly different RAW files from one source, consistent with an attacker adjusting a crafted file

SIEM Query:

source="application.log" ("segmentation fault" OR "access violation" OR "heap corruption" OR "SIGSEGV" OR "SIGABRT") AND ("*.x3f" OR "*.raw" OR "foveon")

The parentheses around the second group matter: without them the trailing OR matches every line containing "foveon" regardless of whether a crash was logged.

🔗 References

  • Fix commit in LibRaw-demosaic-pack-GPL2: https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2017-6889
