Lucene search
Veracode Vulnerability DatabaseVERACODE:44891HistoryDec 28, 2023 - 3:12 p.m.
Buffer Overflow
2023-12-2815:12:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
libraw
buffer overflow
vulnerability
jpeg_start function
denial of service
software
improper size checks
raw image
exploit
attacker
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
6.4
Confidence
Low
EPSS
0.048
Percentile
92.7%
LibRaw is vulnerable to Buffer Overflow. The vulnerability is due to improper size checks of the len variable in the jpeg_start function within dcraw. This issue can be exploited by an attacker via a maliciously crafted raw image resulting in Denial of Service.
Related
openvas
openvas
Debian: Security Advisory (DLA-228-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2015-0222)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for dcraw (EulerOS-SA-2019-2489)
2020-01-23 00:00:00
mageia
mageia
Updated ufraw & dcraw packages fix CVE-2015-3885
2015-05-13 20:18:54
Updated rawtherapee packages fix CVE-2015-3885
2015-05-13 20:18:54
Updated libraw packages fix CVE-2015-3885
2015-05-13 20:18:54
nessus
nessus
Fedora 22 : mingw-LibRaw-0.16.2-1.fc22 (2015-8444)
2015-05-27 00:00:00
Fedora 20 : LibRaw-0.15.4-2.fc20 (2015-8247)
2015-05-27 00:00:00
Fedora 22 : ufraw-0.21-1.fc22 (2015-8699)
2015-06-09 00:00:00
osv
osv
exactimage - security update
2015-05-28 00:00:00
libraw - security update
2015-06-10 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: ufraw-0.21-1.fc21
2015-06-05 23:43:52
[SECURITY] Fedora 22 Update: ufraw-0.21-1.fc22
2015-06-05 23:59:05
[SECURITY] Fedora 21 Update: mingw-LibRaw-0.16.2-1.fc21
2015-05-28 12:05:21
debiancve
debiancve
CVE-2015-3885
2015-05-19 18:59:07
cve
cve
CVE-2015-3885
2015-05-19 18:59:07
nvd
nvd
CVE-2015-3885
2015-05-19 18:59:07
debian
debian
[SECURITY] [DLA 228-1] exactimage security update
2015-05-28 07:13:44
[SECURITY] [DLA 243-1] libraw security update
2015-06-10 20:19:19
[SECURITY] [DLA 241-1] libraw security update
2015-06-10 12:10:03
cvelist
cvelist
CVE-2015-3885
2015-05-19 18:00:00
ubuntucve
ubuntucve
CVE-2015-3885
2015-05-19 00:00:00
prion
prion
Integer overflow
2015-05-19 18:59:00
gentoo
gentoo
DCRaw: Buffer overflow
2017-01-23 00:00:00
Kodi: Multiple vulnerabilities
2017-06-20 00:00:00
LibRaw: Multiple vulnerabilities
2017-01-24 00:00:00
freebsd
freebsd
dcraw -- integer overflow condition
2015-04-24 00:00:00
ubuntu
ubuntu
LibRaw vulnerabilities
2017-11-22 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
6.4
Confidence
Low
EPSS
0.048
Percentile
92.7%
Related for VERACODE:44891