CVE

CVE-2015-3885
Date: (C)2015-06-09   (M)2023-12-22


Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/535513/100/0/threaded
BID-74590
FEDORA-2015-8170
FEDORA-2015-8482
FEDORA-2015-8498
FEDORA-2015-8621
FEDORA-2015-8647
FEDORA-2015-8671
FEDORA-2015-8699
FEDORA-2015-8706
FEDORA-2015-8717
GLSA-201701-54
GLSA-201706-17
http://www.ocert.org/advisories/ocert-2015-006.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e

CPE    2
cpe:/o:fedoraproject:fedora:21
cpe:/a:dcraw_project:dcraw
CWE    1
CWE-189
OVAL    16
oval:org.secpod.oval:def:108884
oval:org.secpod.oval:def:109116
oval:org.secpod.oval:def:109138
oval:org.secpod.oval:def:602645
...

© SecPod Technologies