CVE-2015-3885 - Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to ca

CVE-2015-3885

Summary

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

References

Vulnerable Configurations

cpe:2.3:a:dcraw_project:dcraw:7.00:*:*:*:*:*:*:*
cpe:2.3:a:dcraw_project:dcraw:7.00:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 09-10-2018 - 19:56)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	74590
bugtraq	20150511 [oCERT-2015-006] dcraw input sanitization errors
confirm	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5 https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
fedora	FEDORA-2015-8170 FEDORA-2015-8482 FEDORA-2015-8498 FEDORA-2015-8621 FEDORA-2015-8647 FEDORA-2015-8671 FEDORA-2015-8699 FEDORA-2015-8706 FEDORA-2015-8717
gentoo	GLSA-201701-54 GLSA-201706-17
misc	http://www.ocert.org/advisories/ocert-2015-006.html

Last major update

09-10-2018 - 19:56

Published

19-05-2015 - 18:59

Last modified

09-10-2018 - 19:56