CVE-2013-1438: Infinite Loop in Dcraw

13 documents, 7 sources

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.5% (top 33.51%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 19
Latest update: May 17

Description

Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (9 packages)

debian: debian/dcraw < darktable 1.2.2-2 (bookworm)
debian: debian/libraw < darktable 1.2.2-2 (bookworm)
debian: debian/libkdcraw < darktable 1.2.2-2 (bookworm)
Debian: libraw/libraw < 0.15.4-1+3
Debian: dcraw_project/dcraw < 9.28-1+3

🔴 Vulnerability Details (2)

GHSA: GHSA-h3x3-43mf-g7c4: Unspecified vulnerability in dcraw 0 (2022-05-17)
OSV: CVE-2013-1438: Unspecified vulnerability in dcraw 0 (2014-01-19)

📋 Vendor Advisories (4)

Ubuntu: libKDcraw vulnerabilities (2013-09-30)
Ubuntu: LibRaw vulnerabilities (2013-09-23)
Red Hat: LibRaw: multiple denial of service flaws (2013-08-28)
Debian: CVE-2013-1438: darktable - Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw... (2013)

💬 Community (6)

Bugzilla: CVE-2013-1439 CVE-2013-1438 rawtherapee: LibRaw: multiple denial of service flaws [fedora-all] (2014-02-10)
Bugzilla: CVE-2014-1438 kernel: x86: exceptions are not cleared in AMD FXSAVE workaround (2014-01-14)
Bugzilla: CVE-2013-1439 CVE-2013-1438 ufraw: LibRaw: multiple denial of service flaws [fedora-all] (2013-10-01)
Bugzilla: CVE-2013-1439 CVE-2013-1438 dcraw: LibRaw: multiple denial of service flaws [fedora-all] (2013-09-25)
Bugzilla: CVE-2013-1438 CVE-2013-1439 LibRaw: multiple denial of service flaws (2013-08-29)