CVE-2013-2127
Published: 14 August 2013
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Notes
Author | Note |
---|---|
mdeslaur | only affects 0.15.x darktable embeds 0.14.x libkdcraw embeds 0.15.x on raring+ |
Priority
Status
Package | Release | Status |
---|---|---|
darktable Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
upstream |
Needs triage
|
|
libkdcraw Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Released
(4:4.10.2-0ubuntu1.1)
|
|
upstream |
Needs triage
|
|
libraw Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
upstream |
Released
(0.15.1)
|
|
Patches: upstream: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d |