CVE-2013-2126
Published: 31 May 2013
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
darktable Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
(precise was needed)
|
|
| quantal |
Ignored
(reached end-of-life)
|
|
| raring |
Ignored
(reached end-of-life)
|
|
| saucy |
Ignored
(reached end-of-life)
|
|
| trusty |
Does not exist
(trusty was not-affected [1.4-2])
|
|
| upstream |
Released
(1.2.1-2)
|
|
| utopic |
Ignored
(reached end-of-life)
|
|
| vivid |
Ignored
(reached end-of-life)
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Not vulnerable
(1.4-2)
|
|
| yakkety |
Not vulnerable
(1.4-2)
|
|
| zesty |
Not vulnerable
(1.4-2)
|
|
|
libkdcraw Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
(precise was released [4:4.8.5-0ubuntu0.2])
|
|
| quantal |
Released
(4:4.9.2-0ubuntu1.1)
|
|
| raring |
Released
(4:4.10.2-0ubuntu1.1)
|
|
| saucy |
Released
(4:4.10.4-0ubuntu2)
|
|
| trusty |
Does not exist
(trusty was released [4:4.10.4-0ubuntu2])
|
|
| upstream |
Needs triage
|
|
| utopic |
Released
(4:4.10.4-0ubuntu2)
|
|
| vivid |
Released
(4:4.10.4-0ubuntu2)
|
|
| wily |
Released
(4:4.10.4-0ubuntu2)
|
|
| xenial |
Released
(4:4.10.4-0ubuntu2)
|
|
| yakkety |
Released
(4:4.10.4-0ubuntu2)
|
|
| zesty |
Released
(4:4.10.4-0ubuntu2)
|
|
|
libraw Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
(precise was released [0.14.4-0ubuntu2.1])
|
|
| quantal |
Released
(0.14.7-0ubuntu1.12.10.1)
|
|
| raring |
Released
(0.14.7-0ubuntu1.13.04.1)
|
|
| saucy |
Released
(0.14.7-2ubuntu1)
|
|
| trusty |
Does not exist
(trusty was released [0.14.7-2ubuntu1])
|
|
| upstream |
Released
(0.15.2)
|
|
| utopic |
Released
(0.14.7-2ubuntu1)
|
|
| vivid |
Released
(0.14.7-2ubuntu1)
|
|
| wily |
Released
(0.14.7-2ubuntu1)
|
|
| xenial |
Released
(0.14.7-2ubuntu1)
|
|
| yakkety |
Released
(0.14.7-2ubuntu1)
|
|
| zesty |
Released
(0.14.7-2ubuntu1)
|
|
|
Patches: upstream: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6 (0.15.x) upstream: https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a (0.14.x) |
||