HCE2-SA-2024-0313 Critical HCE 2.0 Security Fix(es): A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. (CVE-2018-19655) In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-14608) There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. (CVE-2017-13735) HCE 2.0 dcraw-9.28.0-5.r2.hce2.aarch64.rpm dcraw-help-9.28.0-5.r2.hce2.noarch.rpm dcraw-9.28.0-5.r2.hce2.x86_64.rpm