{"id": "FEDORA:E13C3605F90D", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 22 Update: rawstudio-2.1-0.1.20150511git983bda1.fc22", "description": "Rawstudio is a highly specialized application for processing RAW images from digital cameras. It is not a fully featured image editing application. The RAW format is often recommended to get the best quality out of digital camera images. The format is specific to cameras and cannot be read by most image editing applications. Rawstudio makes it possible to read and manipulate RAW images, experiment with the controls to see how they affect the image, and finally export into JPEG, PNG or TIF format images from most digital cameras. ", "published": "2015-07-18T02:03:20", "modified": "2015-07-18T02:03:20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2014-4978", "CVE-2015-3885"], "lastseen": "2020-12-21T08:17:53", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-4978", "CVE-2015-3885"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310869607", "OPENVAS:1361412562310869412", "OPENVAS:1361412562311220192489", "OPENVAS:1361412562310869418", "OPENVAS:1361412562310869378", "OPENVAS:1361412562310869773", "OPENVAS:1361412562310869769", "OPENVAS:1361412562310869377", "OPENVAS:1361412562310869572", "OPENVAS:1361412562310869393"]}, {"type": "nessus", "idList": ["FEDORA_2015-8170.NASL", "FEDORA_2015-8699.NASL", "FEDORA_2015-8196.NASL", "FEDORA_2015-8247.NASL", "FEDORA_2015-8498.NASL", "FEDORA_2015-8647.NASL", "DEBIAN_DLA-228.NASL", "FEDORA_2015-8266.NASL", "FREEBSD_PKG_57325ECFFACC11E4968FB888E347C638.NASL", "FEDORA_2015-8717.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201706-17", "GLSA-201701-54"]}, {"type": "debian", "idList": ["DEBIAN:DLA-243-1:E47ED", "DEBIAN:DSA-3692-1:09CE8", "DEBIAN:DLA-228-1:754CD", "DEBIAN:DLA-241-1:A3226"]}, {"type": "freebsd", "idList": ["57325ECF-FACC-11E4-968F-B888E347C638"]}, {"type": "fedora", "idList": ["FEDORA:EBE4A6014779", "FEDORA:15A026087803", "FEDORA:BA2F96087A80", "FEDORA:0B1396095B47", "FEDORA:2C95B60648FE", "FEDORA:798666087C82", "FEDORA:7F9746087CEB", "FEDORA:D9BF4609392D", "FEDORA:BD8F26090BEC", "FEDORA:01DF2608780B"]}, {"type": "ubuntu", "idList": ["USN-3492-1"]}], "modified": "2020-12-21T08:17:53", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2020-12-21T08:17:53", "rev": 2}, "vulnersScore": 5.6}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "22", "arch": "any", "packageName": "rawstudio", "packageVersion": "2.1", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2020-10-03T12:01:19", "description": "The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-29T22:29:00", "title": "CVE-2014-4978", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4978"], "modified": "2018-01-10T19:21:00", "cpe": ["cpe:/a:rawstudio:rawstudio:2.0-1.1", "cpe:/o:fedoraproject:fedora:22"], "id": "CVE-2014-4978", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4978", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:a:rawstudio:rawstudio:2.0-1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:03", "description": "Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.", "edition": 5, "cvss3": {}, "published": "2015-05-19T18:59:00", "title": "CVE-2015-3885", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3885"], "modified": "2018-10-09T19:56:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "cpe:/a:dcraw_project:dcraw:7.00"], "id": "CVE-2015-3885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3885", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:a:dcraw_project:dcraw:7.00:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T10:13:47", "description": "Rawstudio from github https://github.com/rawstudio/rawstudio/ .\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2015-07-20T00:00:00", "title": "Fedora 22 : rawstudio-2.1-0.1.20150511git983bda1.fc22 (2015-8196)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4978", "CVE-2015-3885"], "modified": "2015-07-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rawstudio", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-8196.NASL", "href": "https://www.tenable.com/plugins/nessus/84857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8196.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84857);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-4978\", \"CVE-2015-3885\");\n script_xref(name:\"FEDORA\", value:\"2015-8196\");\n\n script_name(english:\"Fedora 22 : rawstudio-2.1-0.1.20150511git983bda1.fc22 (2015-8196)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rawstudio from github https://github.com/rawstudio/rawstudio/ .\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1120093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rawstudio/rawstudio/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2caa43d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rawstudio package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rawstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"rawstudio-2.1-0.1.20150511git983bda1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rawstudio\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:49", "description": "This update contains a fix for a bug which could cause dcraw write\npast array boundaries.\n\nAdditionally, it updates ufraw to version 0.21, an upstream bugfix\nrelease.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-06-09T00:00:00", "title": "Fedora 22 : ufraw-0.21-1.fc22 (2015-8699)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2015-06-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ufraw", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-8699.NASL", "href": "https://www.tenable.com/plugins/nessus/84032", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8699.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84032);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3885\");\n script_xref(name:\"FEDORA\", value:\"2015-8699\");\n\n script_name(english:\"Fedora 22 : ufraw-0.21-1.fc22 (2015-8699)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains a fix for a bug which could cause dcraw write\npast array boundaries.\n\nAdditionally, it updates ufraw to version 0.21, an upstream bugfix\nrelease.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221249\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f90f00dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ufraw package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ufraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"ufraw-0.21-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ufraw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:47", "description": "Security fix for CVE-2015-3885\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-05-27T00:00:00", "title": "Fedora 20 : mingw-LibRaw-0.15.4-5.fc20 (2015-8266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2015-05-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-LibRaw", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-8266.NASL", "href": "https://www.tenable.com/plugins/nessus/83833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8266.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83833);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3885\");\n script_xref(name:\"FEDORA\", value:\"2015-8266\");\n\n script_name(english:\"Fedora 20 : mingw-LibRaw-0.15.4-5.fc20 (2015-8266)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-3885\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221249\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158637.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9977aa87\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-LibRaw package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mingw-LibRaw-0.15.4-5.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-LibRaw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:42:56", "description": "A vulnerability has been discovered in the ExactImage image\nmanipulation programs.\n\nCVE-2015-3885\n\nEduardo Castellanos discovered an Integer overflow in the dcraw\nversion included in ExactImage. This vulnerability allows remote\nattackers to cause a denial of service (crash) via a crafted image.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 0.8.1-3+deb6u4.\n\nFor the oldstable, stable, and testing distributions, these problems\nwill be fixed soon.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "published": "2015-05-29T00:00:00", "title": "Debian DLA-228-1 : exactimage security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2015-05-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:php5-exactimage", "p-cpe:/a:debian:debian_linux:exactimage-perl", "p-cpe:/a:debian:debian_linux:exactimage", "p-cpe:/a:debian:debian_linux:exactimage-dbg", "p-cpe:/a:debian:debian_linux:libexactimage-perl", "p-cpe:/a:debian:debian_linux:python-exactimage"], "id": "DEBIAN_DLA-228.NASL", "href": "https://www.tenable.com/plugins/nessus/83886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-228-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83886);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3885\");\n script_bugtraq_id(74590);\n\n script_name(english:\"Debian DLA-228-1 : exactimage security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered in the ExactImage image\nmanipulation programs.\n\nCVE-2015-3885\n\nEduardo Castellanos discovered an Integer overflow in the dcraw\nversion included in ExactImage. This vulnerability allows remote\nattackers to cause a denial of service (crash) via a crafted image.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 0.8.1-3+deb6u4.\n\nFor the oldstable, stable, and testing distributions, these problems\nwill be fixed soon.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/exactimage\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:exactimage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:exactimage-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:exactimage-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libexactimage-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-exactimage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-exactimage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"exactimage\", reference:\"0.8.1-3+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exactimage-dbg\", reference:\"0.8.1-3+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"exactimage-perl\", reference:\"0.8.1-3+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexactimage-perl\", reference:\"0.8.1-3+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-exactimage\", reference:\"0.8.1-3+deb6u4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-exactimage\", reference:\"0.8.1-3+deb6u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:33", "description": "The libraw library was updated to fix one security issue.\n\nThe following vulnerability was fixed :\n\n - boo#930683: CVE-2015-3885: dcraw/libraw: input\n sanitization errors", "edition": 17, "published": "2015-05-26T00:00:00", "title": "openSUSE Security Update : libraw (openSUSE-2015-378)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2015-05-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libraw-devel", "p-cpe:/a:novell:opensuse:libraw-tools", "p-cpe:/a:novell:opensuse:libraw10", "p-cpe:/a:novell:opensuse:libraw-tools-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libraw-debugsource", "p-cpe:/a:novell:opensuse:libraw-devel-static", "p-cpe:/a:novell:opensuse:libraw9-debuginfo", "p-cpe:/a:novell:opensuse:libraw10-debuginfo", "p-cpe:/a:novell:opensuse:libraw9", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-378.NASL", "href": "https://www.tenable.com/plugins/nessus/83804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-378.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83804);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3885\");\n\n script_name(english:\"openSUSE Security Update : libraw (openSUSE-2015-378)\");\n script_summary(english:\"Check for the openSUSE-2015-378 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libraw library was updated to fix one security issue.\n\nThe following vulnerability was fixed :\n\n - boo#930683: CVE-2015-3885: dcraw/libraw: input\n sanitization errors\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930683\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libraw packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libraw9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libraw-debugsource-0.15.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libraw-devel-0.15.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libraw-devel-static-0.15.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libraw-tools-0.15.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libraw-tools-debuginfo-0.15.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libraw9-0.15.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libraw9-debuginfo-0.15.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libraw-debugsource-0.16.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libraw-devel-0.16.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libraw-devel-static-0.16.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libraw-tools-0.16.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libraw-tools-debuginfo-0.16.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libraw10-0.16.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libraw10-debuginfo-0.16.0-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libraw-debugsource / libraw-devel / libraw-devel-static / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:49", "description": "This update contains a fix for a bug which could cause dcraw write\npast array boundaries.\n\nAdditionally, it updates dcraw to version 9,25.0 which contains\nupdated color matrices and supports the Canon EOS 5DS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-06-09T00:00:00", "title": "Fedora 20 : dcraw-9.25.0-2.fc20 (2015-8671)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2015-06-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:dcraw"], "id": "FEDORA_2015-8671.NASL", "href": "https://www.tenable.com/plugins/nessus/84031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8671.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84031);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3885\");\n script_xref(name:\"FEDORA\", value:\"2015-8671\");\n\n script_name(english:\"Fedora 20 : dcraw-9.25.0-2.fc20 (2015-8671)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains a fix for a bug which could cause dcraw write\npast array boundaries.\n\nAdditionally, it updates dcraw to version 9,25.0 which contains\nupdated color matrices and supports the Canon EOS 5DS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221249\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e418a0a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dcraw package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dcraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"dcraw-9.25.0-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dcraw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:49", "description": "This update contains a fix for a bug which could cause dcraw write\npast array boundaries.\n\nAdditionally, it updates dcraw to version 9,25.0 which contains\nupdated color matrices and supports the Canon EOS 5DS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-06-09T00:00:00", "title": "Fedora 21 : dcraw-9.25.0-2.fc21 (2015-8647)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2015-06-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:dcraw"], "id": "FEDORA_2015-8647.NASL", "href": "https://www.tenable.com/plugins/nessus/84030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8647.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84030);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3885\");\n script_xref(name:\"FEDORA\", value:\"2015-8647\");\n\n script_name(english:\"Fedora 21 : dcraw-9.25.0-2.fc21 (2015-8647)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains a fix for a bug which could cause dcraw write\npast array boundaries.\n\nAdditionally, it updates dcraw to version 9,25.0 which contains\nupdated color matrices and supports the Canon EOS 5DS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221249\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cd0415b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dcraw package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dcraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"dcraw-9.25.0-2.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dcraw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:48", "description": "Latest upstream bugfix. Fixed dcraw vulnerability in ljpeg_start()\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-05-29T00:00:00", "title": "Fedora 21 : LibRaw-0.16.2-1.fc21 (2015-8482)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2015-05-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:LibRaw"], "id": "FEDORA_2015-8482.NASL", "href": "https://www.tenable.com/plugins/nessus/83898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8482.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83898);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3885\");\n script_xref(name:\"FEDORA\", value:\"2015-8482\");\n\n script_name(english:\"Fedora 21 : LibRaw-0.16.2-1.fc21 (2015-8482)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest upstream bugfix. Fixed dcraw vulnerability in ljpeg_start()\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1220382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222258\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45daecc9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected LibRaw package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"LibRaw-0.16.2-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibRaw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:43:49", "description": "ocert reports :\n\nThe dcraw tool, as well as several other projects re-using its code,\nsuffers from an integer overflow condition which lead to a buffer\noverflow.\n\nThe vulnerability concerns the 'len' variable, parsed without\nvalidation from opened images, used in the ljpeg_start() function.\n\nA maliciously crafted raw image file can be used to trigger the\nvulnerability, causing a Denial of Service condition.", "edition": 23, "published": "2015-05-18T00:00:00", "title": "FreeBSD : dcraw -- integer overflow condition (57325ecf-facc-11e4-968f-b888e347c638)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2015-05-18T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:dcraw", "p-cpe:/a:freebsd:freebsd:libraw", "p-cpe:/a:freebsd:freebsd:flphoto", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:netpbm", "p-cpe:/a:freebsd:freebsd:rawstudio", "p-cpe:/a:freebsd:freebsd:opengtl", "p-cpe:/a:freebsd:freebsd:darktable", "p-cpe:/a:freebsd:freebsd:lightzone", "p-cpe:/a:freebsd:freebsd:cinepaint", "p-cpe:/a:freebsd:freebsd:kodi", "p-cpe:/a:freebsd:freebsd:dcraw-m", "p-cpe:/a:freebsd:freebsd:exact-image", "p-cpe:/a:freebsd:freebsd:freeimage", "p-cpe:/a:freebsd:freebsd:ufraw"], "id": "FREEBSD_PKG_57325ECFFACC11E4968FB888E347C638.NASL", "href": "https://www.tenable.com/plugins/nessus/83512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83512);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3885\");\n\n script_name(english:\"FreeBSD : dcraw -- integer overflow condition (57325ecf-facc-11e4-968f-b888e347c638)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ocert reports :\n\nThe dcraw tool, as well as several other projects re-using its code,\nsuffers from an integer overflow condition which lead to a buffer\noverflow.\n\nThe vulnerability concerns the 'len' variable, parsed without\nvalidation from opened images, used in the ljpeg_start() function.\n\nA maliciously crafted raw image file can be used to trigger the\nvulnerability, causing a Denial of Service condition.\"\n );\n # http://www.ocert.org/advisories/ocert-2015-006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ocert.org/advisories/ocert-2015-006.html\"\n );\n # https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7eab75a2\"\n );\n # https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e71e136a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/netpbm/code/2512/\"\n );\n # https://vuxml.freebsd.org/freebsd/57325ecf-facc-11e4-968f-b888e347c638.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ccb64ca5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cinepaint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:darktable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:dcraw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:dcraw-m\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:exact-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:flphoto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freeimage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:kodi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libraw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lightzone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:opengtl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rawstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ufraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"cinepaint>=0.22.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"darktable<1.6.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"dcraw>=7.00<9.26\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"dcraw-m>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"exact-image<0.9.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"flphoto>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"freeimage>=3.13.0<3.16.0_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"kodi<14.2_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libraw<0.16.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"lightzone<4.1.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"netpbm<10.35.96\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"opengtl>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rawstudio<2.0_11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ufraw<0.21\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T11:05:44", "description": "The remote host is affected by the vulnerability described in GLSA-201701-54\n(DCRaw: Buffer overflow)\n\n An integer overflow was discovered in the ljpeg_start function in DCRaw.\n \nImpact :\n\n Remote attackers, by enticing a user to open a specially crafted image,\n could cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2017-01-23T00:00:00", "title": "GLSA-201701-54 : DCRaw: Buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "modified": "2017-01-23T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:dcraw", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-54.NASL", "href": "https://www.tenable.com/plugins/nessus/96689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-54.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96689);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3885\");\n script_xref(name:\"GLSA\", value:\"201701-54\");\n\n script_name(english:\"GLSA-201701-54 : DCRaw: Buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-54\n(DCRaw: Buffer overflow)\n\n An integer overflow was discovered in the ljpeg_start function in DCRaw.\n \nImpact :\n\n Remote attackers, by enticing a user to open a specially crafted image,\n could cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-54\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All DCRaw users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/dcraw-9.26.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dcraw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/dcraw\", unaffected:make_list(\"ge 9.26.0\"), vulnerable:make_list(\"lt 9.26.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"DCRaw\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4978", "CVE-2015-3885"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-18T00:00:00", "id": "OPENVAS:1361412562310869769", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869769", "type": "openvas", "title": "Fedora Update for rawstudio FEDORA-2015-8196", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rawstudio FEDORA-2015-8196\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869769\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-18 06:25:46 +0200 (Sat, 18 Jul 2015)\");\n script_cve_id(\"CVE-2015-3885\", \"CVE-2014-4978\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rawstudio FEDORA-2015-8196\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rawstudio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rawstudio on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8196\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"rawstudio\", rpm:\"rawstudio~2.1~0.1.20150511git983bda1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869584", "type": "openvas", "title": "Fedora Update for mingw-LibRaw FEDORA-2015-8085", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-LibRaw FEDORA-2015-8085\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869584\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:25:35 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-LibRaw FEDORA-2015-8085\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-LibRaw'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-LibRaw on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8085\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158429.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-LibRaw\", rpm:\"mingw-LibRaw~0.16.1~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869650", "type": "openvas", "title": "Fedora Update for mingw-LibRaw FEDORA-2015-8444", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-LibRaw FEDORA-2015-8444\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869650\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:31:48 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-LibRaw FEDORA-2015-8444\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-LibRaw'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-LibRaw on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8444\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158387.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-LibRaw\", rpm:\"mingw-LibRaw~0.16.2~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869378", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869378", "type": "openvas", "title": "Fedora Update for LibRaw FEDORA-2015-8247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for LibRaw FEDORA-2015-8247\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869378\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:44:49 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for LibRaw FEDORA-2015-8247\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'LibRaw'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"LibRaw on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8247\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158582.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"LibRaw\", rpm:\"LibRaw~0.15.4~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869418", "type": "openvas", "title": "Fedora Update for LibRaw FEDORA-2015-8482", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for LibRaw FEDORA-2015-8482\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869418\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:54:29 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for LibRaw FEDORA-2015-8482\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'LibRaw'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"LibRaw on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8482\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"LibRaw\", rpm:\"LibRaw~0.16.2~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869531", "type": "openvas", "title": "Fedora Update for rawtherapee FEDORA-2015-8187", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rawtherapee FEDORA-2015-8187\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869531\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:22:44 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rawtherapee FEDORA-2015-8187\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rawtherapee'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rawtherapee on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8187\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158824.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"rawtherapee\", rpm:\"rawtherapee~4.2~9.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-18T00:00:00", "id": "OPENVAS:1361412562310869773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869773", "type": "openvas", "title": "Fedora Update for rawstudio FEDORA-2015-8170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rawstudio FEDORA-2015-8170\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869773\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-18 06:25:53 +0200 (Sat, 18 Jul 2015)\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rawstudio FEDORA-2015-8170\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rawstudio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rawstudio on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8170\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"rawstudio\", rpm:\"rawstudio~2.1~0.1.20150511git983bda1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192567", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192567", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for dcraw (EulerOS-SA-2019-2567)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2567\");\n script_version(\"2020-01-23T13:06:36+0000\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:06:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:06:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for dcraw (EulerOS-SA-2019-2567)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2567\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2567\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'dcraw' package(s) announced via the EulerOS-SA-2019-2567 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.(CVE-2015-3885)\");\n\n script_tag(name:\"affected\", value:\"'dcraw' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"dcraw\", rpm:\"dcraw~9.19~6.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192489", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for dcraw (EulerOS-SA-2019-2489)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2489\");\n script_version(\"2020-01-23T13:01:18+0000\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:01:18 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:01:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for dcraw (EulerOS-SA-2019-2489)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2489\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2489\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'dcraw' package(s) announced via the EulerOS-SA-2019-2489 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.(CVE-2015-3885)\");\n\n script_tag(name:\"affected\", value:\"'dcraw' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"dcraw\", rpm:\"dcraw~9.19~6.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3885"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869393", "type": "openvas", "title": "Fedora Update for mingw-LibRaw FEDORA-2015-8266", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-LibRaw FEDORA-2015-8266\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869393\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:50:56 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3885\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-LibRaw FEDORA-2015-8266\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-LibRaw'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-LibRaw on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8266\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158637.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-LibRaw\", rpm:\"mingw-LibRaw~0.15.4~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:17:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "Package : libraw\nVersion : 0.9.1-1+deb6u1\nCVE ID : CVE-2015-3885\nDebian Bug : 786788\n\n[This DLA supersedes my wrong announcement using DLA 241-1]\n\nCVE-2015-3885:\n Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier\n allows remote attackers to cause a denial of service (crash) via a\n crafted image, which triggers a buffer overflow, related to the len\n variable.\n\nWe recommend that you upgrade your libraw packages.\n\n\n-- \nMatteo F. Vescovi || Debian Developer\nGnuPG KeyID: 4096R/0x8062398983B2CF7A\n", "edition": 7, "modified": "2015-06-10T20:19:37", "published": "2015-06-10T20:19:37", "id": "DEBIAN:DLA-243-1:E47ED", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00007.html", "title": "[SECURITY] [DLA 243-1] libraw security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "Package : exactimage\nVersion : 0.8.1-3+deb6u4\nCVE ID : CVE-2015-3885\nDebian Bug : 786785\n\nA vulnerability has been discovered in the ExactImage image manipulation \nprograms.\n\nCVE-2015-3885\n\n Eduardo Castellanos discovered an Integer overflow in the dcraw version\n included in ExactImage. This vulnerability allows remote attackers to\n cause a denial of service (crash) via a crafted image.\n\nFor the oldoldstable distribution (squeeze), these problems have been fixed in \nversion 0.8.1-3+deb6u4.\n\nFor the oldstable, stable, and testing distributions, these problems will be \nfixed soon.\n", "edition": 3, "modified": "2015-05-28T07:14:06", "published": "2015-05-28T07:14:06", "id": "DEBIAN:DLA-228-1:754CD", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201505/msg00015.html", "title": "[SECURITY] [DLA 228-1] exactimage security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:12:30", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "Package : libraw\nVersion : 0.9.1-1+deb6u1\nCVE ID : CVE-2015-3885\nDebian Bug : 786788\n\nCVE-2015-3885:\n Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier\n allows remote attackers to cause a denial of service (crash) via a\n crafted image, which triggers a buffer overflow, related to the len\n variable.\n\nWe recommend that you upgrade your libraw packages.\n\n- -- \nMatteo F. Vescovi || Debian Developer\nGnuPG KeyID: 4096R/0x8062398983B2CF7A\n", "edition": 9, "modified": "2015-06-10T12:10:26", "published": "2015-06-10T12:10:26", "id": "DEBIAN:DLA-241-1:A3226", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00005.html", "title": "[SECURITY] [DLA 241-1] libraw security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-10-09T01:03:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5684", "CVE-2015-3885"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3692-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 13, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : freeimage\nCVE ID : CVE-2015-3885 CVE-2016-5684\n\nMultiple vulnerabilities were discovered in the FreeImage multimedia\nlibrary, which might result in denial of service or the execution of\narbitrary code if a malformed XMP or RAW image is processed.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.15.4-4.2+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 3.17.0+ds1-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.17.0+ds1-3.\n\nWe recommend that you upgrade your freeimage packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2016-10-13T19:00:47", "published": "2016-10-13T19:00:47", "id": "DEBIAN:DSA-3692-1:09CE8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00273.html", "title": "[SECURITY] [DSA 3692-1] freeimage security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:16", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "\nocert reports:\n\nThe dcraw tool, as well as several other projects re-using its\n\t code, suffers from an integer overflow condition which lead to a\n\t buffer overflow.\nThe vulnerability concerns the 'len' variable, parsed without\n\t validation from opened images, used in the ljpeg_start()\n\t function.\nA maliciously crafted raw image file can be used to trigger the\n\t vulnerability, causing a Denial of Service condition.\n\n", "edition": 4, "modified": "2016-01-08T00:00:00", "published": "2015-04-24T00:00:00", "id": "57325ECF-FACC-11E4-968F-B888E347C638", "href": "https://vuxml.freebsd.org/freebsd/57325ecf-facc-11e4-968f-b888e347c638.html", "title": "dcraw -- integer overflow condition", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2017-01-23T04:59:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "edition": 1, "description": "### Background\n\nCommand-line decoder for raw digital photos.\n\n### Description\n\nAn integer overflow was discovered in the ljpeg_start function in DCRaw.\n\n### Impact\n\nRemote attackers, by enticing a user to open a specially crafted image, could cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll DCRaw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/dcraw-9.26.0\"", "modified": "2017-01-23T00:00:00", "published": "2017-01-23T00:00:00", "href": "https://security.gentoo.org/glsa/201701-54", "id": "GLSA-201701-54", "type": "gentoo", "title": "DCRaw: Buffer overflow", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-20T22:15:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8314", "CVE-2015-3885"], "description": "### Background\n\nKodi (formerly XBMC) is a free and open-source media player software application. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Kodi. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted image file using Kodi, possibly resulting in a Denial of Service condition. \n\nFurthermore, a remote attacker could entice a user process a specially crafted ZIP file containing subtitles using Kodi, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Kodi users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/kodi-17.2\"", "edition": 1, "modified": "2017-06-20T00:00:00", "published": "2017-06-20T00:00:00", "href": "https://security.gentoo.org/glsa/201706-17", "id": "GLSA-201706-17", "title": "Kodi: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future. ", "modified": "2015-05-26T03:31:06", "published": "2015-05-26T03:31:06", "id": "FEDORA:798666087C82", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: LibRaw-0.16.2-1.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "MinGW Windows LibRaw library. ", "modified": "2015-05-26T03:15:37", "published": "2015-05-26T03:15:37", "id": "FEDORA:15A026087803", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mingw-LibRaw-0.16.2-1.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "UFRaw is a tool for opening raw format images of digital cameras. ", "modified": "2015-06-05T23:43:52", "published": "2015-06-05T23:43:52", "id": "FEDORA:D9BF4609392D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: ufraw-0.21-1.fc21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "MinGW Windows LibRaw library. ", "modified": "2015-05-26T03:20:24", "published": "2015-05-26T03:20:24", "id": "FEDORA:BA2F96087A80", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mingw-LibRaw-0.16.1-1.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "MinGW Windows LibRaw library. ", "modified": "2015-05-26T03:42:43", "published": "2015-05-26T03:42:43", "id": "FEDORA:BD8F26090BEC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mingw-LibRaw-0.15.4-5.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "Rawstudio is a highly specialized application for processing RAW images from digital cameras. It is not a fully featured image editing application. The RAW format is often recommended to get the best quality out of digital camera images. The format is specific to cameras and cannot be read by most image editing applications. Rawstudio makes it possible to read and manipulate RAW images, experiment with the controls to see how they affect the image, and finally export into JPEG, PNG or TIF format images from most digital cameras. ", "modified": "2015-07-18T01:58:47", "published": "2015-07-18T01:58:47", "id": "FEDORA:2C95B60648FE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: rawstudio-2.1-0.1.20150511git983bda1.fc21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "UFRaw is a tool for opening raw format images of digital cameras. ", "modified": "2015-06-05T23:59:05", "published": "2015-06-05T23:59:05", "id": "FEDORA:0B1396095B47", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: ufraw-0.21-1.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "Rawtherapee is a RAW image processing software. It gives full control over many parameters to enhance the raw picture before finally exporting it to some common image format. ", "modified": "2015-05-27T16:06:07", "published": "2015-05-27T16:06:07", "id": "FEDORA:EBE4A6014779", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: rawtherapee-4.2-9.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future. ", "modified": "2015-05-26T03:37:12", "published": "2015-05-26T03:37:12", "id": "FEDORA:01DF2608780B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: LibRaw-0.15.4-2.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3885"], "description": "LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future. ", "modified": "2015-05-28T12:00:19", "published": "2015-05-28T12:00:19", "id": "FEDORA:7F9746087CEB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: LibRaw-0.16.2-1.fc21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8366", "CVE-2017-14265", "CVE-2015-8367", "CVE-2017-6887", "CVE-2017-14608", "CVE-2017-14348", "CVE-2015-3885", "CVE-2017-6886", "CVE-2017-13735"], "description": "It was discovered that LibRaw incorrectly handled photo files. If a user or \nautomated system were tricked into processing a specially crafted photo \nfile, a remote attacker could cause applications linked against LibRaw \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode", "edition": 5, "modified": "2017-11-22T00:00:00", "published": "2017-11-22T00:00:00", "id": "USN-3492-1", "href": "https://ubuntu.com/security/notices/USN-3492-1", "title": "LibRaw vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}