Debian: DEBIAN:DLA-228-1:754CD
May 28, 2015 - 7:14 a.m.

[SECURITY] [DLA 228-1] exactimage security update

2015-05-28 07:14:06
lists.debian.org

CVSS2 : 4.3 Medium
Access Vector : NETWORK
Access Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : PARTIAL
Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS : 0.048 Low
Percentile : 92.7%

Package : exactimage
Version : 0.8.1-3+deb6u4
CVE ID : CVE-2015-3885
Debian Bug : 786785

A vulnerability has been discovered in the ExactImage image manipulation
programs.

CVE-2015-3885

Eduardo Castellanos discovered an integer overflow in the dcraw version
included in ExactImage. This vulnerability allows remote attackers to
cause a denial of service (crash) via a crafted image.

For the oldoldstable distribution (squeeze), this problem has been fixed in
version 0.8.1-3+deb6u4.

For the oldstable, stable, and testing distributions, this problem will be
fixed soon.
