PT-2013-1243 · Dave Coffin · Libraw+1

Published: 2013-08-30 · Updated: 2016-11-28 · CVE-2013-1438

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

dcraw versions 0.8.x through 0.8.9
libraw versions prior to 0.15.4

Description

The issue allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a divide-by-zero, infinite loop, or NULL pointer dereference. Multiple vulnerabilities in the libraw package can lead to violations of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be carried out remotely.

Recommendations

For dcraw versions 0.8.x through 0.8.9, update to a version later than 0.8.9 to resolve the issue. For libraw versions prior to 0.15.4, update to version 0.15.4 or later to fix the vulnerabilities.


Related identifiers

BDU:2015-09729
CVE-2013-1438
DSA-2748-1
MGASA-2013-0301
MGASA-2013-0385
MGASA-2014-0011
MGASA-2014-0050
MGASA-2014-0071
MGASA-2014-0081
USN-1964-1
USN-1978-1

Affected products

Dcraw
Libraw