CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

Percentile: 92.7%

Updated rawtherapee package fixes security vulnerability: The dcraw tool suffers from an integer overflow condition which leads to a buffer overflow. The vulnerability concerns the ‘len’ variable, which is parsed without validation from opened images and used in the ljpeg_start() function. A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition (CVE-2015-3885). The rawtherapee package contains a bundled copy of the affected code and has been patched to fix this issue.
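
The bug class described above, shown as an added illustration that is not code from dcraw, rawtherapee or the Mageia patch: an unvalidated length field turning into an oversized read, next to a parser that validates it first. It assumes a segment made of a 2-byte tag and a 16-bit big-endian length that counts its own two bytes, plus a fixed 64 KiB buffer; the function names and sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_BUF_SIZE 0x10000   /* assumed fixed-size segment buffer (64 KiB) */

/* The size an unvalidated parser hands to its read call: the signed result
 * of (field - 2) is converted to size_t. Nothing is copied here. */
size_t unchecked_payload_len(const uint8_t hdr[4])
{
    int len = (hdr[2] << 8 | hdr[3]) - 2;   /* -2 or -1 when field < 2 */
    return (size_t)len;                     /* wraps to a huge value */
}

/* Hardened form: check the length field, the destination capacity and the
 * bytes actually left in the input before copying.
 * Returns the payload length, or -1 for a malformed segment. */
long read_segment(const uint8_t *in, size_t in_len,
                  uint8_t *out, size_t out_cap)
{
    if (in_len < 4) return -1;                    /* tag + length missing */
    unsigned field = (unsigned)in[2] << 8 | in[3];
    if (field < 2) return -1;                     /* would underflow */
    size_t payload = field - 2;
    if (payload > out_cap) return -1;             /* would overrun out[] */
    if (payload > in_len - 4) return -1;          /* truncated file */
    memcpy(out, in + 4, payload);
    return (long)payload;
}

int main(void)
{
    static uint8_t buf[SEG_BUF_SIZE];
    /* Constructed sample segments, not taken from any real image. */
    const uint8_t bad[]  = { 0xFF, 0xC3, 0x00, 0x00 };
    const uint8_t good[] = { 0xFF, 0xC3, 0x00, 0x05, 1, 2, 3 };

    printf("unchecked size: %zu (buffer is %d)\n",
           unchecked_payload_len(bad), SEG_BUF_SIZE);
    printf("bad:  %ld\n", read_segment(bad, sizeof bad, buf, sizeof buf));
    printf("good: %ld\n", read_segment(good, sizeof good, buf, sizeof buf));
    return 0;
}
```
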
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | rawtherapee | < 4.0.11-2.2 | rawtherapee-4.0.11-2.2.mga4 |