PT-2013-1244 · Libraw+1 · Libraw+1

Raphael Geissert · Published 2013-09-15 · Updated 2014-02-10 · CVE-2013-1439

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libraw versions 0.13.x through 0.15.3
libraw version 0.15.x before 0.15.4

Description

The issue affects the "faster LJPEG decoder" in libraw, allowing context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. This can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.

Recommendations

For libraw versions 0.13.x through 0.15.3, update to version 0.15.4 or later.
For libraw version 0.15.x before 0.15.4, update to version 0.15.4 or later.

Related Identifiers

ALT-PU-2014-1073
BDU:2015-09729
CVE-2013-1439
MGASA-2013-0301
MGASA-2013-0385
MGASA-2014-0050
USN-1964-1
USN-1978-1

Affected Products

Alt Linux
Libraw