CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

Percentile: 92.7%

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | darktable | < 1.6.7-1 | darktable_1.6.7-1_all.deb |
Debian | 11 | all | darktable | < 1.6.7-1 | darktable_1.6.7-1_all.deb |
Debian | 999 | all | darktable | < 1.6.7-1 | darktable_1.6.7-1_all.deb |
Debian | 13 | all | darktable | < 1.6.7-1 | darktable_1.6.7-1_all.deb |
Debian | 12 | all | dcraw | < 9.26-1 | dcraw_9.26-1_all.deb |
Debian | 11 | all | dcraw | < 9.26-1 | dcraw_9.26-1_all.deb |
Debian | 999 | all | dcraw | < 9.26-1 | dcraw_9.26-1_all.deb |
Debian | 13 | all | dcraw | < 9.26-1 | dcraw_9.26-1_all.deb |
Debian | 12 | all | exactimage | < 0.9.1-5 | exactimage_0.9.1-5_all.deb |
Debian | 11 | all | exactimage | < 0.9.1-5 | exactimage_0.9.1-5_all.deb |