{"cve": [{"lastseen": "2021-02-02T06:06:49", "description": "The \"faster LJPEG decoder\" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.", "edition": 4, "cvss3": {}, "published": "2013-09-16T19:14:00", "title": "CVE-2013-1439", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1439"], "modified": "2013-11-15T04:39:00", "cpe": ["cpe:/a:libraw:libraw:0.14.0", "cpe:/a:libraw:libraw:0.15.1", "cpe:/a:libraw:libraw:0.13.6", "cpe:/a:libraw:libraw:0.13.1", "cpe:/a:libraw:libraw:0.14.2", "cpe:/a:libraw:libraw:0.13.7", "cpe:/a:libraw:libraw:0.13.8", "cpe:/a:libraw:libraw:0.14.6", "cpe:/a:libraw:libraw:0.15.2", "cpe:/a:libraw:libraw:0.15.3", "cpe:/a:libraw:libraw:0.14.1", "cpe:/a:libraw:libraw:0.14.4", "cpe:/a:libraw:libraw:0.13.3", "cpe:/a:libraw:libraw:0.14.5", "cpe:/a:libraw:libraw:0.13.4", "cpe:/a:libraw:libraw:0.14.3", "cpe:/a:libraw:libraw:0.13.5", "cpe:/a:libraw:libraw:0.13.2", "cpe:/a:libraw:libraw:0.14.7", "cpe:/a:libraw:libraw:0.13.0", "cpe:/a:libraw:libraw:0.15.0"], "id": "CVE-2013-1439", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1439", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libraw:libraw:0.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.13.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:libraw:libraw:0.13.6:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.14.6:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.13.7:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.14.7:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.13.5:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:libraw:libraw:0.13.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:48", "description": "Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.", "edition": 4, "cvss3": {}, "published": "2014-01-19T18:02:00", "title": "CVE-2013-1438", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1438"], "modified": "2016-11-28T19:08:00", "cpe": ["cpe:/a:dave_coffin:dcraw:0.8.0", "cpe:/a:dave_coffin:dcraw:0.8.9", "cpe:/a:dave_coffin:dcraw:0.8.4", "cpe:/a:dave_coffin:dcraw:0.8.7", 
"cpe:/a:dave_coffin:dcraw:0.8.8", "cpe:/a:dave_coffin:dcraw:0.8.1", "cpe:/a:dave_coffin:dcraw:0.8.3", "cpe:/a:dave_coffin:dcraw:0.8.2", "cpe:/a:dave_coffin:dcraw:0.8.5", "cpe:/a:dave_coffin:dcraw:0.8.6"], "id": "CVE-2013-1438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1438", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:dave_coffin:dcraw:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.9:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:dave_coffin:dcraw:0.8.2:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "Crash on raw images parsing.", "edition": 1, "modified": "2013-10-01T00:00:00", "published": "2013-10-01T00:00:00", "id": "SECURITYVULNS:VULN:13290", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13290", "title": "libraw / libKDCraw DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1978-1\r\nSeptember 30, 2013\r\n\r\nlibkdcraw vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nlibKDcraw could be made to crash if it opened a specially crafted 
file.\r\n\r\nSoftware Description:\r\n- libkdcraw: RAW picture decoding library\r\n\r\nDetails:\r\n\r\nIt was discovered that libKDcraw incorrectly handled photo files. If a user\r\nor automated system were tricked into processing a specially crafted photo\r\nfile, applications linked against libKDcraw could be made to crash,\r\nresulting in a denial of service. (CVE-2013-1438, CVE-2013-1439)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n libkdcraw20 4:4.8.5-0ubuntu0.3\r\n\r\nAfter a standard system update you need to restart your session to make all\r\nthe necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1978-1\r\n CVE-2013-1438, CVE-2013-1439\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libkdcraw/4:4.8.5-0ubuntu0.3\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2013-10-01T00:00:00", "published": "2013-10-01T00:00:00", "id": "SECURITYVULNS:DOC:29825", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29825", "title": "[USN-1978-1] libKDcraw vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-1438"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2748-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nSeptember 01, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : exactimage\r\nVulnerability : 
denial of service\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2013-1438\r\nDebian Bug : 721236\r\n\r\nSeveral denial-of-service vulnerabilities were discovered in the dcraw\r\ncode base, a program for processing raw format images from digital\r\ncameras. This update corrects them in the copy that is embedded in\r\nthe exactimage package.\r\n\r\nFor the oldstable distribution (squeeze), this problem has been fixed in\r\nversion 0.8.1-3+deb6u2.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 0.8.5-5+deb7u2.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.8.9-1.\r\n\r\nWe recommend that you upgrade your exactimage packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n", "edition": 1, "modified": "2013-09-09T00:00:00", "published": "2013-09-09T00:00:00", "id": "SECURITYVULNS:DOC:29799", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29799", "title": "[SECURITY] [DSA 2748-1] exactimage security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-1438"], "description": "Few dcraw 
vulnerabilities", "edition": 1, "modified": "2013-09-09T00:00:00", "published": "2013-09-09T00:00:00", "id": "SECURITYVULNS:VULN:13273", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13273", "title": "exactimage DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "UFRaw is a tool for opening raw format images of digital cameras. ", "modified": "2013-12-16T23:05:40", "published": "2013-12-16T23:05:40", "id": "FEDORA:18F52235DE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: ufraw-0.19.2-10.fc18", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras. ", "modified": "2013-12-16T23:04:59", "published": "2013-12-16T23:04:59", "id": "FEDORA:0F98323250", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: dcraw-9.19-4.fc18", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "UFRaw is a tool for opening raw format images of digital cameras. ", "modified": "2013-12-16T23:02:21", "published": "2013-12-16T23:02:21", "id": "FEDORA:B9D6A22D09", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: ufraw-0.19.2-10.fc19", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras. 
", "modified": "2013-12-17T19:15:50", "published": "2013-12-17T19:15:50", "id": "FEDORA:A4E9922629", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: dcraw-9.19-4.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future. ", "modified": "2013-09-09T23:50:03", "published": "2013-09-09T23:50:03", "id": "FEDORA:87B0C21CC2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: LibRaw-0.14.8-3.fc19.20120830git98d925", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras. ", "modified": "2013-12-16T23:00:04", "published": "2013-12-16T23:00:04", "id": "FEDORA:0073C2348C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: dcraw-9.19-4.fc19", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439", "CVE-2013-2126"], "description": "LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future. 
", "modified": "2013-09-09T23:59:19", "published": "2013-09-09T23:59:19", "id": "FEDORA:7777421DF1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: LibRaw-0.14.8-3.fc18.20120830git98d925", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2015-3885"], "description": "This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras. ", "modified": "2015-06-06T00:07:51", "published": "2015-06-06T00:07:51", "id": "FEDORA:3509160C4224", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: dcraw-9.25.0-2.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2015-3885"], "description": "UFRaw is a tool for opening raw format images of digital cameras. ", "modified": "2015-06-05T23:50:30", "published": "2015-06-05T23:50:30", "id": "FEDORA:2A5B060918E0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: ufraw-0.21-1.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2015-3885"], "description": "This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras. 
", "modified": "2015-06-05T23:45:46", "published": "2015-06-05T23:45:46", "id": "FEDORA:D67F56092055", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: dcraw-9.25.0-2.fc21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:11:32", "description": "This update hardens dcraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-18T00:00:00", "title": "Fedora 20 : dcraw-9.19-4.fc20 (2013-22854)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2013-12-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:dcraw"], "id": "FEDORA_2013-22854.NASL", "href": "https://www.tenable.com/plugins/nessus/71504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22854.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71504);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_bugtraq_id(62057, 62060);\n script_xref(name:\"FEDORA\", value:\"2013-22854\");\n\n script_name(english:\"Fedora 20 : dcraw-9.19-4.fc20 (2013-22854)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"This update hardens dcraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002714\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124259.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df5d6765\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dcraw package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dcraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"dcraw-9.19-4.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dcraw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-01T07:23:01", "description": "It was discovered that libKDcraw incorrectly handled photo files. If a\nuser or automated system were tricked into processing a specially\ncrafted photo file, applications linked against libKDcraw could be\nmade to crash, resulting in a denial of service. (CVE-2013-1438,\nCVE-2013-1439).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-10-01T00:00:00", "title": "Ubuntu 12.04 LTS : libkdcraw vulnerabilities (USN-1978-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libkdcraw20", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1978-1.NASL", "href": "https://www.tenable.com/plugins/nessus/70253", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1978-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70253);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_bugtraq_id(62057, 62060);\n script_xref(name:\"USN\", value:\"1978-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : libkdcraw vulnerabilities (USN-1978-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libKDcraw incorrectly handled photo files. If a\nuser or automated system were tricked into processing a specially\ncrafted photo file, applications linked against libKDcraw could be\nmade to crash, resulting in a denial of service. (CVE-2013-1438,\nCVE-2013-1439).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1978-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libkdcraw20 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdcraw20\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libkdcraw20\", pkgver:\"4:4.8.5-0ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libkdcraw20\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:01", "description": "Raphael Geissert reported two denial of service flaws in LibRaw [1] :\n\nCVE-2013-1438 :\n\nSpecially crafted photo files may trigger a division by zero, an\ninfinite loop, or a NULL pointer dereference in libraw leading to\ndenial of service in applications using the library. These\nvulnerabilities appear to originate in dcraw and as such any program\nor library based on it is affected. To name a few confirmed\napplications: dcraw, ufraw. 
Other affected software: shotwell,\ndarktable, and libkdcraw (Qt-style interface to libraw, using embedded\ncopy) which is used by digikam.\n\nGoogle Picasa apparently uses dcraw/ufraw so it might be affected.\ndcraw's homepage has a list of applications that possibly still use\nit: http://cybercom.net/~dcoffin/dcraw/\n\nAffected versions of libraw: confirmed: 0.8-0.15.3; but it is likely\nthat all versions are affected.\n\nFixed in: libraw 0.15.4\n\nCVE-2013-1439 :\n\nSpecially crafted photo files may trigger a series of conditions in\nwhich a NULL pointer is dereferenced leading to denial of service in\napplications using the library. These three vulnerabilities are\nin/related to the 'faster LJPEG decoder', which upstream states was\nintroduced in LibRaw 0.13 and support for which is going to be dropped\nin 0.16.\n\nAffected versions of libraw: 0.13.x-0.15.x\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-09-10T00:00:00", "title": "Fedora 19 : LibRaw-0.14.8-3.fc19.20120830git98d925 (2013-15562)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2013-09-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:LibRaw"], "id": "FEDORA_2013-15562.NASL", "href": "https://www.tenable.com/plugins/nessus/69820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-15562.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69820);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_bugtraq_id(62057, 62060);\n script_xref(name:\"FEDORA\", value:\"2013-15562\");\n\n script_name(english:\"Fedora 19 : LibRaw-0.14.8-3.fc19.20120830git98d925 (2013-15562)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Raphael Geissert reported two denial of service flaws in LibRaw [1] :\n\nCVE-2013-1438 :\n\nSpecially crafted photo files may trigger a division by zero, an\ninfinite loop, or a NULL pointer dereference in libraw leading to\ndenial of service in applications using the library. These\nvulnerabilities appear to originate in dcraw and as such any program\nor library based on it is affected. To name a few confirmed\napplications: dcraw, ufraw. 
Other affected software: shotwell,\ndarktable, and libkdcraw (Qt-style interface to libraw, using embedded\ncopy) which is used by digikam.\n\nGoogle Picasa apparently uses dcraw/ufraw so it might be affected.\ndcraw's homepage has a list of applications that possibly still use\nit: http://cybercom.net/~dcoffin/dcraw/\n\nAffected versions of libraw: confirmed: 0.8-0.15.3; but it is likely\nthat all versions are affected.\n\nFixed in: libraw 0.15.4\n\nCVE-2013-1439 :\n\nSpecially crafted photo files may trigger a series of conditions in\nwhich a NULL pointer is dereferenced leading to denial of service in\napplications using the library. These three vulnerabilities are\nin/related to the 'faster LJPEG decoder', which upstream states was\nintroduced in LibRaw 0.13 and support for which is going to be dropped\nin 0.16.\n\nAffected versions of libraw: 0.13.x-0.15.x\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cybercom.net/~dcoffin/dcraw/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002717\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115367.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3517066a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected LibRaw package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif 
(isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"LibRaw-0.14.8-3.fc19.20120830git98d925\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibRaw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:33", "description": "This update hardens dcraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-17T00:00:00", "title": "Fedora 18 : dcraw-9.19-4.fc18 (2013-22929)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2013-12-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:dcraw"], "id": "FEDORA_2013-22929.NASL", "href": "https://www.tenable.com/plugins/nessus/71482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22929.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71482);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_xref(name:\"FEDORA\", value:\"2013-22929\");\n\n script_name(english:\"Fedora 18 : dcraw-9.19-4.fc18 (2013-22929)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update hardens dcraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002714\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124190.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?645481ed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dcraw package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dcraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"dcraw-9.19-4.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dcraw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-01T07:22:59", "description": "It was discovered that LibRaw incorrectly handled photo files. If a\nuser or automated system were tricked into processing a specially\ncrafted photo file, applications linked against LibRaw could be made\nto crash, resulting in a denial of service. (CVE-2013-1438,\nCVE-2013-1439).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-09-24T00:00:00", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 : libraw vulnerabilities (USN-1964-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libraw5", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1964-1.NASL", "href": "https://www.tenable.com/plugins/nessus/70086", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1964-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70086);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_bugtraq_id(62057, 62060);\n script_xref(name:\"USN\", value:\"1964-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 : libraw vulnerabilities (USN-1964-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that LibRaw incorrectly handled photo files. If a\nuser or automated system were tricked into processing a specially\ncrafted photo file, applications linked against LibRaw could be made\nto crash, resulting in a denial of service. 
(CVE-2013-1438,\nCVE-2013-1439).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1964-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libraw5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libraw5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10|13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libraw5\", pkgver:\"0.14.4-0ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libraw5\", pkgver:\"0.14.7-0ubuntu1.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libraw5\", pkgver:\"0.14.7-0ubuntu1.13.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libraw5\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:32", "description": "This update hardens dcraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-17T00:00:00", "title": "Fedora 19 : dcraw-9.19-4.fc19 (2013-22900)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2013-12-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:dcraw"], "id": "FEDORA_2013-22900.NASL", "href": "https://www.tenable.com/plugins/nessus/71480", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22900.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71480);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_xref(name:\"FEDORA\", value:\"2013-22900\");\n\n script_name(english:\"Fedora 19 : dcraw-9.19-4.fc19 (2013-22900)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update hardens dcraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002714\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124176.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?801d2360\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dcraw package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dcraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"dcraw-9.19-4.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dcraw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:31", "description": "This update hardens ufraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-18T00:00:00", "title": "Fedora 20 : ufraw-0.19.2-10.fc20 (2013-22832)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2013-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ufraw", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-22832.NASL", "href": "https://www.tenable.com/plugins/nessus/71503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22832.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71503);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_bugtraq_id(62057, 62060);\n script_xref(name:\"FEDORA\", value:\"2013-22832\");\n\n script_name(english:\"Fedora 20 : ufraw-0.19.2-10.fc20 (2013-22832)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update hardens ufraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002714\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124238.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02ff1142\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ufraw package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ufraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"ufraw-0.19.2-10.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ufraw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:54:22", "description": "Updated libraw packages fix security vulnerabilities :\n\nIt was discovered that LibRaw incorrectly handled photo files. 
If a\nuser or automated system were tricked into processing a specially\ncrafted photo file, applications linked against LibRaw could be made\nto crash, resulting in a denial of service (CVE-2013-1438,\nCVE-2013-1439).", "edition": 24, "published": "2013-10-11T00:00:00", "title": "Mandriva Linux Security Advisory : libraw (MDVSA-2013:249)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2013-10-11T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64raw-devel", "p-cpe:/a:mandriva:linux:lib64raw5", "p-cpe:/a:mandriva:linux:libraw-tools", "p-cpe:/a:mandriva:linux:lib64raw_r5"], "id": "MANDRIVA_MDVSA-2013-249.NASL", "href": "https://www.tenable.com/plugins/nessus/70385", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:249. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70385);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_bugtraq_id(62057, 62060);\n script_xref(name:\"MDVSA\", value:\"2013:249\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libraw (MDVSA-2013:249)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libraw packages fix security vulnerabilities :\n\nIt was discovered that LibRaw incorrectly handled photo files. 
If a\nuser or automated system were tricked into processing a specially\ncrafted photo file, applications linked against LibRaw could be made\nto crash, resulting in a denial of service (CVE-2013-1438,\nCVE-2013-1439).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2013-0301.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64raw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64raw5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64raw_r5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libraw-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64raw-devel-0.14.5-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64raw5-0.14.5-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64raw_r5-0.14.5-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"libraw-tools-0.14.5-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:01", "description": "Raphael Geissert reported two denial of service flaws in LibRaw [1] :\n\nCVE-2013-1438 :\n\nSpecially crafted photo files may trigger a division by zero, an\ninfinite loop, or a NULL pointer dereference in libraw leading to\ndenial of service in applications using the library. These\nvulnerabilities appear to originate in dcraw and as such any program\nor library based on it is affected. To name a few confirmed\napplications: dcraw, ufraw.
Other affected software: shotwell,\ndarktable, and libkdcraw (Qt-style interface to libraw, using embedded\ncopy) which is used by digikam.\n\nGoogle Picasa apparently uses dcraw/ufraw so it might be affected.\ndcraw's homepage has a list of applications that possibly still use\nit: http://cybercom.net/~dcoffin/dcraw/\n\nAffected versions of libraw: confirmed: 0.8-0.15.3; but it is likely\nthat all versions are affected.\n\nFixed in: libraw 0.15.4\n\nCVE-2013-1439 :\n\nSpecially crafted photo files may trigger a series of conditions in\nwhich a NULL pointer is dereferenced leading to denial of service in\napplications using the library. These three vulnerabilities are\nin/related to the 'faster LJPEG decoder', which upstream states was\nintroduced in LibRaw 0.13 and support for which is going to be dropped\nin 0.16.\n\nAffected versions of libraw: 0.13.x-0.15.x\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-09-10T00:00:00", "title": "Fedora 18 : LibRaw-0.14.8-3.fc18.20120830git98d925 (2013-15576)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2013-09-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:LibRaw"], "id": "FEDORA_2013-15576.NASL", "href": "https://www.tenable.com/plugins/nessus/69821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-15576.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69821);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_bugtraq_id(62057, 62060);\n script_xref(name:\"FEDORA\", value:\"2013-15576\");\n\n script_name(english:\"Fedora 18 : LibRaw-0.14.8-3.fc18.20120830git98d925 (2013-15576)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Raphael Geissert reported two denial of service flaws in LibRaw [1] :\n\nCVE-2013-1438 :\n\nSpecially crafted photo files may trigger a division by zero, an\ninfinite loop, or a NULL pointer dereference in libraw leading to\ndenial of service in applications using the library. These\nvulnerabilities appear to originate in dcraw and as such any program\nor library based on it is affected. To name a few confirmed\napplications: dcraw, ufraw. 
Other affected software: shotwell,\ndarktable, and libkdcraw (Qt-style interface to libraw, using embedded\ncopy) which is used by digikam.\n\nGoogle Picasa apparently uses dcraw/ufraw so it might be affected.\ndcraw's homepage has a list of applications that possibly still use\nit: http://cybercom.net/~dcoffin/dcraw/\n\nAffected versions of libraw: confirmed: 0.8-0.15.3; but it is likely\nthat all versions are affected.\n\nFixed in: libraw 0.15.4\n\nCVE-2013-1439 :\n\nSpecially crafted photo files may trigger a series of conditions in\nwhich a NULL pointer is dereferenced leading to denial of service in\napplications using the library. These three vulnerabilities are\nin/related to the 'faster LJPEG decoder', which upstream states was\nintroduced in LibRaw 0.13 and support for which is going to be dropped\nin 0.16.\n\nAffected versions of libraw: 0.13.x-0.15.x\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cybercom.net/~dcoffin/dcraw/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002717\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115414.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50da6143\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected LibRaw package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif 
(isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"LibRaw-0.14.8-3.fc18.20120830git98d925\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibRaw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:33", "description": "This update hardens ufraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-17T00:00:00", "title": "Fedora 19 : ufraw-0.19.2-10.fc19 (2013-22924)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "modified": "2013-12-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ufraw", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-22924.NASL", "href": "https://www.tenable.com/plugins/nessus/71481", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22924.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71481);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_xref(name:\"FEDORA\", value:\"2013-22924\");\n\n script_name(english:\"Fedora 19 : ufraw-0.19.2-10.fc19 (2013-22924)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update hardens ufraw against corrupt input files which might\ntrigger a division by zero, an infinite loop, or a NULL pointer\ndereference otherwise.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002714\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124183.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8154bea0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ufraw package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ufraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"ufraw-0.19.2-10.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ufraw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "It was discovered that libKDcraw incorrectly handled photo files. If a user \nor automated system were tricked into processing a specially crafted photo \nfile, applications linked against libKDcraw could be made to crash, \nresulting in a denial of service. (CVE-2013-1438, CVE-2013-1439)", "edition": 5, "modified": "2013-09-30T00:00:00", "published": "2013-09-30T00:00:00", "id": "USN-1978-1", "href": "https://ubuntu.com/security/notices/USN-1978-1", "title": "libKDcraw vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:44:16", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "It was discovered that LibRaw incorrectly handled photo files. If a user or \nautomated system were tricked into processing a specially crafted photo \nfile, applications linked against LibRaw could be made to crash, resulting \nin a denial of service. 
(CVE-2013-1438, CVE-2013-1439)", "edition": 5, "modified": "2013-09-23T00:00:00", "published": "2013-09-23T00:00:00", "id": "USN-1964-1", "href": "https://ubuntu.com/security/notices/USN-1964-1", "title": "LibRaw vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2018-01-22T13:10:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "Check for the Version of dcraw", "modified": "2018-01-22T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:867151", "href": "http://plugins.openvas.org/nasl.php?oid=867151", "type": "openvas", "title": "Fedora Update for dcraw FEDORA-2013-22929", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dcraw FEDORA-2013-22929\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867151);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:48:15 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for dcraw FEDORA-2013-22929\");\n\n tag_insight = \"This package contains dcraw, a command line tool to decode raw image data\ndownloaded from digital cameras.\n\";\n\n tag_affected = \"dcraw on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22929\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124190.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of dcraw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"dcraw\", rpm:\"dcraw~9.19~4.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:09:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "Check for the Version of libraw", "modified": "2018-01-19T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:841566", "href": "http://plugins.openvas.org/nasl.php?oid=841566", "type": "openvas", "title": "Ubuntu Update for libraw USN-1964-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1964_1.nasl 8466 2018-01-19 06:58:30Z teissa $\n#\n# Ubuntu Update for libraw USN-1964-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841566);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:49:12 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for libraw USN-1964-1\");\n\n tag_insight = \"It was discovered that LibRaw incorrectly handled photo files. If a user or\nautomated system were tricked into processing a specially crafted photo\nfile, applications linked against LibRaw could be made to crash, resulting\nin a denial of service. 
(CVE-2013-1438, CVE-2013-1439)\";\n\n tag_affected = \"libraw on Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1964-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1964-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of libraw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraw5\", ver:\"0.14.4-0ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraw5\", ver:\"0.14.7-0ubuntu1.12.10.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraw5\", ver:\"0.14.7-0ubuntu1.13.04.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": 
"2018-01-26T11:09:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "Check for the Version of LibRaw", "modified": "2018-01-25T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:866879", "href": "http://plugins.openvas.org/nasl.php?oid=866879", "type": "openvas", "title": "Fedora Update for LibRaw FEDORA-2013-15562", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for LibRaw FEDORA-2013-15562\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866879);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:34:37 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for LibRaw FEDORA-2013-15562\");\n\n tag_insight = \"LibRaw is a library for reading RAW files obtained from digital photo\ncameras (CRW/CR2, NEF, RAF, DNG, and others).\n\nLibRaw is based on the source codes of the dcraw utility, where part of\ndrawbacks have already been eliminated and part will be fixed in future.\n\";\n\n tag_affected = \"LibRaw on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15562\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115367.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of LibRaw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"LibRaw\", rpm:\"LibRaw~0.14.8~3.fc19.20120830git98d925\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:1361412562310866879", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866879", "type": "openvas", "title": "Fedora Update for LibRaw FEDORA-2013-15562", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for LibRaw FEDORA-2013-15562\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866879\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:34:37 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for LibRaw FEDORA-2013-15562\");\n\n\n script_tag(name:\"affected\", value:\"LibRaw on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15562\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115367.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'LibRaw'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if 
((res = isrpmvuln(pkg:\"LibRaw\", rpm:\"LibRaw~0.14.8~3.fc19.20120830git98d925\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310867151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867151", "type": "openvas", "title": "Fedora Update for dcraw FEDORA-2013-22929", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dcraw FEDORA-2013-22929\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867151\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:48:15 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for dcraw FEDORA-2013-22929\");\n\n\n script_tag(name:\"affected\", value:\"dcraw on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22929\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124190.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dcraw'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if 
((res = isrpmvuln(pkg:\"dcraw\", rpm:\"dcraw~9.19~4.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "Check for the Version of ufraw", "modified": "2017-07-10T00:00:00", "published": "2014-02-03T00:00:00", "id": "OPENVAS:867356", "href": "http://plugins.openvas.org/nasl.php?oid=867356", "type": "openvas", "title": "Fedora Update for ufraw FEDORA-2013-22832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ufraw FEDORA-2013-22832\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867356);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 20:10:43 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for ufraw FEDORA-2013-22832\");\n\n tag_insight = \"UFRaw is a tool for opening raw format images of digital cameras.\n\";\n\n tag_affected = \"ufraw on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22832\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124238.html\");\n script_summary(\"Check for the Version of ufraw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"ufraw\", rpm:\"ufraw~0.19.2~10.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:09:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "Check for the Version of dcraw", "modified": "2018-01-26T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:867112", "href": "http://plugins.openvas.org/nasl.php?oid=867112", "type": "openvas", "title": "Fedora Update for dcraw FEDORA-2013-22900", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dcraw FEDORA-2013-22900\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867112);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:38:43 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for dcraw FEDORA-2013-22900\");\n\n tag_insight = \"This package contains dcraw, a command line tool to decode raw image data\ndownloaded from digital cameras.\n\";\n\n tag_affected = \"dcraw on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22900\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124176.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of dcraw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"dcraw\", rpm:\"dcraw~9.19~4.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310867144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867144", "type": "openvas", "title": "Fedora Update for ufraw FEDORA-2013-22899", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ufraw FEDORA-2013-22899\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867144\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:47:39 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for ufraw FEDORA-2013-22899\");\n\n\n script_tag(name:\"affected\", value:\"ufraw on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22899\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124193.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ufraw'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if 
((res = isrpmvuln(pkg:\"ufraw\", rpm:\"ufraw~0.19.2~10.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-02-05T11:10:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "Check for the Version of ufraw", "modified": "2018-02-03T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:867159", "href": "http://plugins.openvas.org/nasl.php?oid=867159", "type": "openvas", "title": "Fedora Update for ufraw FEDORA-2013-22924", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ufraw FEDORA-2013-22924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867159);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:48:42 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for ufraw FEDORA-2013-22924\");\n\n tag_insight = \"UFRaw is a tool for opening raw format images of digital cameras.\n\";\n\n tag_affected = \"ufraw on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22924\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124183.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of ufraw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"ufraw\", rpm:\"ufraw~0.19.2~10.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:09:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1438", "CVE-2013-1439"], "description": "Check for the Version of ufraw", "modified": "2018-01-23T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:867144", "href": "http://plugins.openvas.org/nasl.php?oid=867144", "type": "openvas", "title": "Fedora Update for ufraw FEDORA-2013-22899", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ufraw FEDORA-2013-22899\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867144);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:47:39 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-1438\", \"CVE-2013-1439\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for ufraw FEDORA-2013-22899\");\n\n tag_insight = \"UFRaw is a tool for opening raw format images of digital cameras.\n\";\n\n tag_affected = \"ufraw on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22899\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124193.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of ufraw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"ufraw\", rpm:\"ufraw~0.19.2~10.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:07", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2127", "CVE-2013-2126", "CVE-2013-1438", "CVE-2013-1439"], "description": "### Background\n\nLibRaw is a library for reading RAW files obtained from digital photo cameras. libkdcraw is a wrapper for LibRaw within KDE. \n\n### Description\n\nMultiple vulnerabilities have been discovered in LibRaw and libkdcraw. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file, possibly resulting in arbitrary code execution or Denial of Service. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll LibRaw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libraw-0.15.4\"\n \n\nAll libkdcraw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/libkdcraw-4.10.5-r1\"", "edition": 1, "modified": "2013-09-15T00:00:00", "published": "2013-09-15T00:00:00", "id": "GLSA-201309-09", "href": "https://security.gentoo.org/glsa/201309-09", "type": "gentoo", "title": "LibRaw, libkdcraw: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:20:14", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2748-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nSeptember 01, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : exactimage\nVulnerability : denial of service\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2013-1438\nDebian Bug : 721236\n\nSeveral denial-of-service vulnerabilities were discovered in the dcraw\ncode base, a program for processing raw format images from digital\ncameras. 
This update corrects them in the copy that is embedded in\nthe exactimage package.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.8.1-3+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.5-5+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.9-1.\n\nWe recommend that you upgrade your exactimage packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2013-09-01T10:23:02", "published": "2013-09-01T10:23:02", "id": "DEBIAN:DSA-2748-1:49C31", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00158.html", "title": "[SECURITY] [DSA 2748-1] exactimage security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:12:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1438", "CVE-2013-1441"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2754-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nSeptember 10, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : exactimage\nVulnerability : denial of service\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2013-1441\n\nIt was discovered that exactimage, a fast image processing library,\ndoes not correctly handle error conditions of the embedded copy of\ndcraw. 
This could result in a crash or other behaviour in an\napplication using the library due to an uninitialized variable being\npassed to longjmp.\n\nThis is a different issue than CVE-2013-1438/DSA-2748-1.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.8.1-3+deb6u3.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.5-5+deb7u3.\n\nFor the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 0.8.9-2.\n\nWe recommend that you upgrade your exactimage packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2013-09-10T22:29:12", "published": "2013-09-10T22:29:12", "id": "DEBIAN:DSA-2754-1:9F717", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00164.html", "title": "[SECURITY] [DSA 2754-1] exactimage security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}