CVSS2 : AV:N/AC:M/Au:N/C:N/I:N/A:P
Attack Vector : NETWORK
Attack Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : PARTIAL
AI Score Confidence : High
EPSS Percentile : 92.7%
Package : libraw
Version : 0.9.1-1+deb6u1
CVE ID : CVE-2015-3885
Debian Bug : 786788
[This DLA supersedes my wrong announcement using DLA 241-1]
CVE-2015-3885:
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
allows remote attackers to cause a denial of service (crash) via a
crafted image, which triggers a buffer overflow, related to the len
variable.
We recommend that you upgrade your libraw packages.
--
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Debian | 8 | s390x | libraw-dev | < 0.16.0-9+deb8u1 | libraw-dev_0.16.0-9+deb8u1_s390x.deb |
Debian | 7 | sparc | rawtherapee | < 4.0.9-4+deb7u1 | rawtherapee_4.0.9-4+deb7u1_sparc.deb |
Debian | 8 | mipsel | libraw-bin | < 0.16.0-9+deb8u1 | libraw-bin_0.16.0-9+deb8u1_mipsel.deb |
Debian | 8 | mips | rawtherapee | < 4.2-1+deb8u1 | rawtherapee_4.2-1+deb8u1_mips.deb |
Debian | 8 | mipsel | libexactimage-perl | < 0.8.9-7+deb8u1 | libexactimage-perl_0.8.9-7+deb8u1_mipsel.deb |
Debian | 7 | armhf | php5-exactimage | < 0.8.5-5+deb7u4 | php5-exactimage_0.8.5-5+deb7u4_armhf.deb |
Debian | 8 | powerpc | libfreeimage-dev | < 3.15.4-4.2+deb8u1 | libfreeimage-dev_3.15.4-4.2+deb8u1_powerpc.deb |
Debian | 8 | powerpc | libraw-bin | < 0.16.0-9+deb8u1 | libraw-bin_0.16.0-9+deb8u1_powerpc.deb |
Debian | 6 | all | exactimage-perl | < 0.8.1-3+deb6u4 | exactimage-perl_0.8.1-3+deb6u4_all.deb |
Debian | 8 | armel | libraw10 | < 0.16.0-9+deb8u1 | libraw10_0.16.0-9+deb8u1_armel.deb |