CVE-2015-3885
published 2015-05-19


medium 4.3 (CVSS 3.1)
AV:N/AC:M/Au:N/C:N/I:N/A:P
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dcraw_project | dcraw | <= 7.00 | |
| dcraw_project | dcraw | >= 0 < 9.26-1 | 9.26-1 |
| dcraw_project | dcraw | >= 0 < 9.26-1 | 9.26-1 |
| dcraw_project | dcraw | >= 0 < 9.26-1 | 9.26-1 |
| dcraw_project | dcraw | >= 0 < 9.26-1 | 9.26-1 |
| debian | darktable | < darktable 1.6.7-1 (bookworm) | darktable 1.6.7-1 (bookworm) |
| debian | dcraw | < darktable 1.6.7-1 (bookworm) | darktable 1.6.7-1 (bookworm) |
| debian | exactimage | < darktable 1.6.7-1 (bookworm) | darktable 1.6.7-1 (bookworm) |
| debian | freeimage | < darktable 1.6.7-1 (bookworm) | darktable 1.6.7-1 (bookworm) |
| debian | kodi | < darktable 1.6.7-1 (bookworm) | darktable 1.6.7-1 (bookworm) |
| debian | libraw | < darktable 1.6.7-1 (bookworm) | darktable 1.6.7-1 (bookworm) |
| debian | rawtherapee | < darktable 1.6.7-1 (bookworm) | darktable 1.6.7-1 (bookworm) |
| fedoraproject | fedora | | |
| freeimage_project | freeimage | >= 0 < 3.15.4-6 | 3.15.4-6 |
| freeimage_project | freeimage | >= 0 < 3.15.4-6 | 3.15.4-6 |
| freeimage_project | freeimage | >= 0 < 3.15.4-6 | 3.15.4-6 |
| freeimage_project | freeimage | >= 0 < 3.15.4-6 | 3.15.4-6 |
| kodi | kodi | >= 0 < 16.0+dfsg1-1 | 16.0+dfsg1-1 |
| kodi | kodi | >= 0 < 16.0+dfsg1-1 | 16.0+dfsg1-1 |
| kodi | kodi | >= 0 < 16.0+dfsg1-1 | 16.0+dfsg1-1 |
| libraw | libraw | >= 0 < 0.16.2-1 | 0.16.2-1 |
| libraw | libraw | >= 0 < 0.16.2-1 | 0.16.2-1 |
| libraw | libraw | >= 0 < 0.16.2-1 | 0.16.2-1 |
| libraw | libraw | >= 0 < 0.16.2-1 | 0.16.2-1 |

CVSS provenance

nvd: 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:N/A:P
osv: 4.3 MEDIUM