CVE-2015-3885

Priority
Description
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
allows remote attackers to cause a denial of service (crash) via a crafted
image, which triggers a buffer overflow, related to the len variable.
Assigned-to
mdeslaur
Package
Upstream:released (1.4.2-1+deb8u1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.6.8-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.6.8-1)
Ubuntu 19.04 (Disco Dingo):not-affected (1.6.8-1)
Ubuntu 19.10 (Eoan):not-affected (1.6.8-1)
Package
Source: dcraw (LP Ubuntu Debian)
Upstream:released (9.27-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (9.27-1)
Ubuntu 19.04 (Disco Dingo):not-affected (9.27-1)
Ubuntu 19.10 (Eoan):not-affected (9.27-1)
Package
Upstream:released (0.9.1-6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.9.1-6)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.9.1-6)
Ubuntu 19.04 (Disco Dingo):not-affected (0.9.1-6)
Ubuntu 19.10 (Eoan):not-affected (0.9.1-6)
Package
Upstream:released (3.15.4-6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.15.4-6)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.15.4-6)
Ubuntu 19.04 (Disco Dingo):not-affected (3.15.4-6)
Ubuntu 19.10 (Eoan):not-affected (3.15.4-6)
Package
Source: kodi (LP Ubuntu Debian)
Upstream:released (16.0~rc3+dfsg2-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (16.0~rc3+dfsg2-1)
Ubuntu 19.04 (Disco Dingo):not-affected (16.0~rc3+dfsg2-1)
Ubuntu 19.10 (Eoan):not-affected (16.0~rc3+dfsg2-1)
Package
Upstream:released (0.16.0-9+deb8u3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [0.15.4-1ubuntu0.1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.17.1-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.18.2-1)
Ubuntu 19.04 (Disco Dingo):not-affected (0.18.2-1)
Ubuntu 19.10 (Eoan):not-affected (0.18.2-1)
Patches:
Upstream:https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#stack-protector
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
Package
Upstream:released (4.2-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2-4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Source: ufraw (LP Ubuntu Debian)
Upstream:released (0.20-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.20-3)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.20-3)
Ubuntu 19.04 (Disco Dingo):not-affected (0.20-3)
Ubuntu 19.10 (Eoan):DNE
Package
Source: xbmc (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE

Updated: 2019-09-04 20:14:24 UTC (commit 13fdf6975206d0e42f0d75c0f1eaed805cb5cd68)