4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.048 Low
EPSS
Percentile
92.7%
Package : exactimage
Version : 0.8.1-3+deb6u4
CVE ID : CVE-2015-3885
Debian Bug : 786785
A vulnerability has been discovered in the ExactImage image manipulation
programs.
CVE-2015-3885
Eduardo Castellanos discovered an Integer overflow in the dcraw version
included in ExactImage. This vulnerability allows remote attackers to
cause a denial of service (crash) via a crafted image.
For the oldoldstable distribution (squeeze), these problems have been fixed in
version 0.8.1-3+deb6u4.
For the oldstable, stable, and testing distributions, these problems will be
fixed soon.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | exactimage | < 0.8.1-3+deb6u4 | exactimage_0.8.1-3+deb6u4_all.deb |
Debian | 6 | all | libexactimage-perl | < 0.8.1-3+deb6u4 | libexactimage-perl_0.8.1-3+deb6u4_all.deb |
Debian | 6 | all | python-exactimage | < 0.8.1-3+deb6u4 | python-exactimage_0.8.1-3+deb6u4_all.deb |
Debian | 6 | all | php5-exactimage | < 0.8.1-3+deb6u4 | php5-exactimage_0.8.1-3+deb6u4_all.deb |
Debian | 6 | all | exactimage-perl | < 0.8.1-3+deb6u4 | exactimage-perl_0.8.1-3+deb6u4_all.deb |
Debian | 6 | all | exactimage-dbg | < 0.8.1-3+deb6u4 | exactimage-dbg_0.8.1-3+deb6u4_all.deb |