CVE-2013-1438

Priority
Medium
Description
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw,
ufraw, shotwell, and other products, allows context-dependent attackers to
cause a denial of service via a crafted photo file that triggers a (1)
divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.
References
Bugs
Notes
jdstrand> upstream says to use 0.14-stable branch from github repo
Assigned-to
mdeslaur
Package
Source: xmbc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (4:4.8.5-0ubuntu0.3)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Ubuntu 15.04 (Vivid Vervet):needs-triage
Package
Source: dcraw (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Ubuntu 15.04 (Vivid Vervet):needs-triage
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Ubuntu 15.04 (Vivid Vervet):needs-triage
Package
Source: ufraw (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (0.19.2-2ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):released (0.19.2-2ubuntu1)
Ubuntu 15.04 (Vivid Vervet):released (0.19.2-2ubuntu1)
Package
Upstream:released (0.15.4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (0.14.4-0ubuntu2.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (0.15.3-1ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):released (0.15.3-1ubuntu1)
Ubuntu 15.04 (Vivid Vervet):released (0.15.3-1ubuntu1)
Patches:
Upstream:https://github.com/LibRaw/LibRaw/commit/9ae25d8c3a6bfb40c582538193264f74c9b93bc0 (0.16.x)
Upstream:https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad (0.15.x)
Upstream:https://github.com/LibRaw/LibRaw/commit/c4e374ea6c979a7d1d968f5082b7d0ea8cd27202 (0.14.x)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (0.8.9-1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (0.8.9-3build1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (0.8.9-3build1)
Ubuntu 15.04 (Vivid Vervet):not-affected (0.8.9-3build1)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Ubuntu 15.04 (Vivid Vervet):needs-triage
More Information

Updated: 2014-10-29 20:14:44 UTC (commit 8657)