[This DLA supersedes my wrong announcement using DLA 241-1]
- CVE-2015-3885
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
allows remote attackers to cause a denial of service (crash) via a
crafted image, which triggers a buffer overflow, related to the len
variable.
We recommend that you upgrade your libraw packages.