PublicDateAtUSN: 2013-05-31
Candidate: CVE-2013-2126
PublicDate: 2013-08-14 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2126
 http://www.libraw.org/news/libraw-0-15-2
 http://www.openwall.com/lists/oss-security/2013/05/28/3
 https://ubuntu.com/security/notices/USN-1884-1
 https://ubuntu.com/security/notices/USN-1885-1
Description:
 Multiple double free vulnerabilities in the LibRaw::unpack function in
 libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to
 cause a denial of service (application crash) and possibly execute
 arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image
 file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353 (libraw)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711316 (darktable)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711317 (libkdcraw)
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_libraw:
 upstream: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6 (0.15.x)
 upstream: https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a (0.14.x)
upstream_libraw: released (0.15.2)
lucid_libraw: DNE
precise_libraw: released (0.14.4-0ubuntu2.1)
precise/esm_libraw: DNE (precise was released [0.14.4-0ubuntu2.1])
quantal_libraw: released (0.14.7-0ubuntu1.12.10.1)
raring_libraw: released (0.14.7-0ubuntu1.13.04.1)
saucy_libraw: released (0.14.7-2ubuntu1)
trusty_libraw: released (0.14.7-2ubuntu1)
trusty/esm_libraw: DNE (trusty was released [0.14.7-2ubuntu1])
utopic_libraw: released (0.14.7-2ubuntu1)
vivid_libraw: released (0.14.7-2ubuntu1)
vivid/stable-phone-overlay_libraw: DNE
vivid/ubuntu-core_libraw: DNE
wily_libraw: released (0.14.7-2ubuntu1)
xenial_libraw: released (0.14.7-2ubuntu1)
esm-infra/xenial_libraw: released (0.14.7-2ubuntu1)
yakkety_libraw: released (0.14.7-2ubuntu1)
zesty_libraw: released (0.14.7-2ubuntu1)
devel_libraw: released (0.14.7-2ubuntu1)

Patches_darktable:
upstream_darktable: released (1.2.1-2)
lucid_darktable: DNE
precise_darktable: ignored (reached end-of-life)
precise/esm_darktable: DNE (precise was needed)
quantal_darktable: ignored (reached end-of-life)
raring_darktable: ignored (reached end-of-life)
saucy_darktable: ignored (reached end-of-life)
trusty_darktable: not-affected (1.4-2)
trusty/esm_darktable: DNE (trusty was not-affected [1.4-2])
utopic_darktable: ignored (reached end-of-life)
vivid_darktable: ignored (reached end-of-life)
vivid/stable-phone-overlay_darktable: DNE
vivid/ubuntu-core_darktable: DNE
wily_darktable: ignored (reached end-of-life)
xenial_darktable: not-affected (1.4-2)
yakkety_darktable: not-affected (1.4-2)
zesty_darktable: not-affected (1.4-2)
devel_darktable: not-affected (1.4-2)

Patches_libkdcraw:
upstream_libkdcraw: needs-triage
lucid_libkdcraw: DNE
precise_libkdcraw: released (4:4.8.5-0ubuntu0.2)
precise/esm_libkdcraw: DNE (precise was released [4:4.8.5-0ubuntu0.2])
quantal_libkdcraw: released (4:4.9.2-0ubuntu1.1)
raring_libkdcraw: released (4:4.10.2-0ubuntu1.1)
saucy_libkdcraw: released (4:4.10.4-0ubuntu2)
trusty_libkdcraw: released (4:4.10.4-0ubuntu2)
trusty/esm_libkdcraw: DNE (trusty was released [4:4.10.4-0ubuntu2])
utopic_libkdcraw: released (4:4.10.4-0ubuntu2)
vivid_libkdcraw: released (4:4.10.4-0ubuntu2)
vivid/stable-phone-overlay_libkdcraw: DNE
vivid/ubuntu-core_libkdcraw: DNE
wily_libkdcraw: released (4:4.10.4-0ubuntu2)
xenial_libkdcraw: released (4:4.10.4-0ubuntu2)
yakkety_libkdcraw: released (4:4.10.4-0ubuntu2)
zesty_libkdcraw: released (4:4.10.4-0ubuntu2)
devel_libkdcraw: released (4:4.10.4-0ubuntu2)