Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw,
ufraw, shotwell, and other products, allows context-dependent attackers to
cause a denial of service via a crafted photo file that triggers a (1)
divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.
Author | Note |
---|---|
jdstrand | upstream says to use 0.14-stable branch from github repo |
sbeattie | darktable as of 2.0.0 does not have embedded LibRaw anymore |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | dcraw | < any | UNKNOWN |
ubuntu | 16.04 | noarch | dcraw | < any | UNKNOWN |
ubuntu | 12.04 | noarch | libkdcraw | < 4:4.8.5-0ubuntu0.3 | UNKNOWN |
ubuntu | 17.10 | noarch | libraw | < 0.15.3-1ubuntu1 | UNKNOWN |
ubuntu | 18.04 | noarch | libraw | < 0.15.3-1ubuntu1 | UNKNOWN |
ubuntu | 18.10 | noarch | libraw | < 0.15.3-1ubuntu1 | UNKNOWN |
ubuntu | 19.04 | noarch | libraw | < 0.15.3-1ubuntu1 | UNKNOWN |
ubuntu | 19.10 | noarch | libraw | < 0.15.3-1ubuntu1 | UNKNOWN |
ubuntu | 20.04 | noarch | libraw | < 0.15.3-1ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | libraw | < 0.15.3-1ubuntu1 | UNKNOWN |