CVE-2013-2126: Double Free in LibRaw

CWE-399 | 10 documents | 7 sources
Severity: 7.5 HIGH (NVD)
EPSS: 3.2% (top 12.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 14 | Latest update May 14

Description

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (6 packages)

debian | debian/libraw | < darktable 1.2.1-2 (bookworm)
Debian | libraw/libraw | < 0.15.3-1+3
NVD | libraw/libraw | 0.15.1+1
debian | debian/darktable | < darktable 1.2.1-2 (bookworm)
debian | debian/libkdcraw | < darktable 1.2.1-2 (bookworm)

Also affects: Ubuntu Linux 12.04, 12.10, 13.04

Patches

Vulnerability Details (2)

GHSA | GHSA-f8qw-gp3p-w497: Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx | 2022-05-14
OSV | CVE-2013-2126: Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx | 2013-08-14

Vendor Advisories (4)

Ubuntu | LibRaw vulnerability | 2013-06-18
Ubuntu | libKDcraw vulnerability | 2013-06-18
Red Hat | LibRaw: double-free flaw when handling damaged full-color in Foveon and sRAW files | 2013-05-24
Debian | CVE-2013-2126: darktable - Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cx... | 2013

Community (3)

Bugzilla | CVE-2013-2126 LibRaw: double-free flaw when handling damaged full-color in Foveon and sRAW files [fedora-all] | 2013-06-04
Bugzilla | CVE-2013-2126 LibRaw: double-free flaw when handling damaged full-color in Foveon and sRAW files [fedora-all] | 2013-06-04
Bugzilla | CVE-2013-2126 LibRaw: double-free flaw when handling damaged full-color in Foveon and sRAW files | 2013-05-29