CVE-2015-3885 — Improper Input Validation in Project Dcraw
Severity
4.3MEDIUMNVD
EPSS
3.6%
top 12.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 19
Latest updateMay 14
Description
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
CVSS vector
AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9
Affected Packages5 packages
Also affects: Fedora 21
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
12Bugzilla▶
CVE-2015-3885 netpbm: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]↗2015-05-19
Bugzilla▶
CVE-2015-3885 mingw-cximage: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]↗2015-05-13
Bugzilla▶
CVE-2015-3885 rawtherapee: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]↗2015-05-13
Bugzilla▶
CVE-2015-3885 libkdcraw: dcraw: input sanitization flaw leading to buffer overflow [epel-5]↗2015-05-13
Bugzilla▶
CVE-2015-3885 libraw1394: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]↗2015-05-13