Candidate: CVE-2021-3624
PublicDate: 2022-04-18 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3624
Description:
 There is an integer overflow vulnerability in dcraw. When the victim runs
 dcraw with a maliciously crafted X3F input image, arbitrary code may be
 executed in the victim's system.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761
Priority: medium
Discovered-by: Wooseok Kang
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_dcraw:
upstream_dcraw: needed
trusty_dcraw: ignored (out of standard support)
trusty/esm_dcraw: DNE
xenial_dcraw: ignored (out of standard support)
bionic_dcraw: needed
focal_dcraw: needed
groovy_dcraw: ignored (reached end-of-life)
hirsute_dcraw: ignored (reached end-of-life)
impish_dcraw: needed
jammy_dcraw: needed
devel_dcraw: needed