CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
92.7%
Updated darktable package fixes security vulnerability The dcraw tool bundled in darktable’s libraw copy suffers from an integer overflow condition which leads to a buffer overflow. A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition. The bundled dcraw code has been patched to fix this vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | darktable | < 1.2.3-4.3 | darktable-1.2.3-4.3.mga4 |