CVE-2013-1439 — Libraw vulnerability

12 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 35.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libraw Debian Darktable Debian Libkdcraw +1 more

Timeline

PublishedSep 16

Latest updateMay 17

Description

The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/libraw< darktable 1.2.2-2 (bookworm)

▶Debianlibraw/libraw< 0.15.4-1+3

▶NVDlibraw/libraw21 versions+20

▶debiandebian/darktable< darktable 1.2.2-2 (bookworm)

▶debiandebian/libkdcraw< darktable 1.2.2-2 (bookworm)

Patches

Patch: www.openwall.com ↗Patch: github.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-rcvp-8v7c-m59p: The "faster LJPEG decoder" in libraw 0↗2022-05-17

▶

OSV

CVE-2013-1439: The "faster LJPEG decoder" in libraw 0↗2013-09-16

▶

📋Vendor Advisories

Ubuntu

libKDcraw vulnerabilities↗2013-09-30

▶

Ubuntu

LibRaw vulnerabilities↗2013-09-23

▶

Red Hat

LibRaw: multiple denial of service flaws↗2013-08-28

▶

Debian

CVE-2013-1439: darktable - The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 al...↗2013

▶

💬Community

Bugzilla

CVE-2013-1439 CVE-2013-1438 rawtherapee: LibRaw: multiple denial of service flaws [fedora-all]↗2014-02-10

▶

Bugzilla

CVE-2013-1439 CVE-2013-1438 ufraw: LibRaw: multiple denial of service flaws [fedora-all]↗2013-10-01

▶

Bugzilla

CVE-2013-1439 CVE-2013-1438 dcraw: LibRaw: multiple denial of service flaws [fedora-all]↗2013-09-25

▶

Bugzilla

CVE-2013-1438 CVE-2013-1439 LibRaw: multiple denial of service flaws↗2013-08-29

▶

Bugzilla

CVE-2013-1439 CVE-2013-1438 LibRaw: multiple denial of service flaws [fedora-all]↗2013-08-29

▶