CVE-2013-1438

Priority
Description
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw,
ufraw, shotwell, and other products, allows context-dependent attackers to
cause a denial of service via a crafted photo file that triggers a (1)
divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.
Notes
 jdstrand> upstream says to use 0.14-stable branch from github repo
 sbeattie> darktable as of 2.0.0 does not have embedded LibRaw anymore
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.0.3-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.0.3-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (2.0.3-1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.0.3-1)
Ubuntu 19.10 (Eoan):not-affected (2.0.3-1)
Package
Source: dcraw (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Upstream:released (0.8.9-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Trusty/esm:DNE (trusty was not-affected [0.8.9-3build1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.8.9-3build1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.8.9-3build1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (0.8.9-3build1)
Ubuntu 19.04 (Disco Dingo):not-affected (0.8.9-3build1)
Ubuntu 19.10 (Eoan):not-affected (0.8.9-3build1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [4:4.8.5-0ubuntu0.3])
Trusty/esm:DNE (trusty was not-affected [4:4.11.1-0ubuntu2])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (0.15.4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [0.14.4-0ubuntu2.2])
Trusty/esm:DNE (trusty was released [0.15.3-1ubuntu1])
Ubuntu 16.04 LTS (Xenial Xerus):released (0.15.3-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.15.3-1ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (0.15.3-1ubuntu1)
Ubuntu 19.04 (Disco Dingo):released (0.15.3-1ubuntu1)
Ubuntu 19.10 (Eoan):released (0.15.3-1ubuntu1)
Patches:
Upstream:https://github.com/LibRaw/LibRaw/commit/9ae25d8c3a6bfb40c582538193264f74c9b93bc0 (0.16.x)
Upstream:https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad (0.15.x)
Upstream:https://github.com/LibRaw/LibRaw/commit/c4e374ea6c979a7d1d968f5082b7d0ea8cd27202 (0.14.x)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Source: ufraw (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Trusty/esm:DNE (trusty was released [0.19.2-2ubuntu1])
Ubuntu 16.04 LTS (Xenial Xerus):released (0.19.2-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.19.2-2ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (0.19.2-2ubuntu1)
Ubuntu 19.04 (Disco Dingo):released (0.19.2-2ubuntu1)
Ubuntu 19.10 (Eoan):released (0.19.2-2ubuntu1)
Package
Source: xmbc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE

Updated: 2019-04-26 14:14:40 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)