CVE-2021-3624 log

Severity Medium
Remote No
Type Arbitrary code execution
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. The vulnerability resides in the foveon_load_camf() function in dcraw.c.
Group Package Affected Fixed Severity Status Ticket
AVG-2111 dcraw 9.28.0-2 Medium Vulnerable