CVE-2013-1439
Published: 16 September 2013
The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.
Notes
Author | Note |
---|---|
jdstrand | upstream says to use 0.14-stable branch from github repo |
Priority
Status
Package | Release | Status |
---|---|---|
darktable | artful | Ignored (end of life) |
darktable | bionic | Not vulnerable (1.6.0-1) |
darktable | cosmic | Not vulnerable (1.6.0-1) |
darktable | disco | Not vulnerable (1.6.0-1) |
darktable | lucid | Does not exist |
darktable | precise | Ignored (end of life) |
darktable | quantal | Ignored (end of life) |
darktable | raring | Ignored (end of life) |
darktable | saucy | Ignored (end of life) |
darktable | trusty | Does not exist (trusty was needed) |
darktable | upstream | Needs triage |
darktable | utopic | Ignored (end of life) |
darktable | vivid | Ignored (end of life) |
darktable | wily | Ignored (end of life) |
darktable | xenial | Not vulnerable (1.6.0-1) |
darktable | yakkety | Ignored (end of life) |
darktable | zesty | Ignored (end of life) |
libkdcraw | artful | Does not exist |
libkdcraw | bionic | Does not exist |
libkdcraw | cosmic | Does not exist |
libkdcraw | disco | Does not exist |
libkdcraw | lucid | Does not exist |
libkdcraw | precise | Released (4:4.8.5-0ubuntu0.3) |
libkdcraw | quantal | Ignored (end of life) |
libkdcraw | raring | Ignored (end of life) |
libkdcraw | saucy | Ignored (end of life) |
libkdcraw | trusty | Does not exist (trusty was not-affected [4:4.11.1-0ubuntu2]) |
libkdcraw | upstream | Needs triage |
libkdcraw | utopic | Ignored (end of life) |
libkdcraw | vivid | Ignored (end of life) |
libkdcraw | wily | Ignored (end of life) |
libkdcraw | xenial | Not vulnerable |
libkdcraw | yakkety | Ignored (end of life) |
libkdcraw | zesty | Not vulnerable |
libraw | artful | Released (0.15.3-1ubuntu1) |
libraw | bionic | Released (0.15.3-1ubuntu1) |
libraw | cosmic | Released (0.15.3-1ubuntu1) |
libraw | disco | Released (0.15.3-1ubuntu1) |
libraw | lucid | Does not exist |
libraw | precise | Not vulnerable |
libraw | quantal | Released (0.14.7-0ubuntu1.12.10.2) |
libraw | raring | Released (0.14.7-0ubuntu1.13.04.2) |
libraw | saucy | Released (0.15.3-1ubuntu1) |
libraw | trusty | Released (0.15.3-1ubuntu1) |
libraw | upstream | Released (0.15.4) |
libraw | utopic | Released (0.15.3-1ubuntu1) |
libraw | vivid | Released (0.15.3-1ubuntu1) |
libraw | wily | Released (0.15.3-1ubuntu1) |
libraw | xenial | Released (0.15.3-1ubuntu1) |
libraw | yakkety | Released (0.15.3-1ubuntu1) |
libraw | zesty | Released (0.15.3-1ubuntu1) |

Patches (libraw):
upstream: https://github.com/LibRaw/LibRaw/commit/9ae25d8c3a6bfb40c582538193264f74c9b93bc0
upstream: https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad
upstream: https://github.com/LibRaw/LibRaw/commit/c4e374ea6c979a7d1d968f5082b7d0ea8cd27202