CVE-2013-2127
Published: 14 August 2013
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Notes
| Author | Note |
|---|---|
| mdeslaur | only affects 0.15.x darktable embeds 0.14.x libkdcraw embeds 0.15.x on raring+ |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
darktable Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
libkdcraw Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Released
(4:4.10.2-0ubuntu1.1)
|
|
| upstream |
Needs triage
|
|
|
libraw Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Not vulnerable
|
|
| upstream |
Released
(0.15.1)
|
|
|
Patches: upstream: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d |
||