CVE-2013-2126

Priority
Description
Multiple double free vulnerabilities in the LibRaw::unpack function in
libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image
file.
Assigned-to
mdeslaur
Package
Upstream:released (1.2.1-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.4-2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.4-2)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [4:4.8.5-0ubuntu0.2])
Ubuntu 14.04 LTS (Trusty Tahr):released (4:4.10.4-0ubuntu2)
Ubuntu 16.04 LTS (Xenial Xerus):released (4:4.10.4-0ubuntu2)
Package
Upstream:released (0.15.2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [0.14.4-0ubuntu2.1])
Ubuntu 14.04 LTS (Trusty Tahr):released (0.14.7-2ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.14.7-2ubuntu1)
Patches:
Upstream:https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6 (0.15.x)
Upstream:https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a (0.14.x)
More Information

Updated: 2019-03-19 12:10:34 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)