CVE-2013-2126

2013-05-3100:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.6%

JSON

Multiple double free vulnerabilities in the LibRaw::unpack function in
libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image
file.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353 (libraw)>
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711316 (darktable)>
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711317 (libkdcraw)>

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlibkdcraw< 4:4.8.5-0ubuntu0.2UNKNOWN
ubuntu12.10noarchlibkdcraw< 4:4.9.2-0ubuntu1.1UNKNOWN
ubuntu13.04noarchlibkdcraw< 4:4.10.2-0ubuntu1.1UNKNOWN
ubuntu13.10noarchlibkdcraw< 4:4.10.4-0ubuntu2UNKNOWN
ubuntu14.04noarchlibkdcraw< 4:4.10.4-0ubuntu2UNKNOWN
ubuntu14.10noarchlibkdcraw< 4:4.10.4-0ubuntu2UNKNOWN
ubuntu15.04noarchlibkdcraw< 4:4.10.4-0ubuntu2UNKNOWN
ubuntu15.10noarchlibkdcraw< 4:4.10.4-0ubuntu2UNKNOWN
ubuntu16.04noarchlibkdcraw< 4:4.10.4-0ubuntu2UNKNOWN
ubuntu16.10noarchlibkdcraw< 4:4.10.4-0ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	libkdcraw	< 4:4.8.5-0ubuntu0.2	UNKNOWN
ubuntu	12.10	noarch	libkdcraw	< 4:4.9.2-0ubuntu1.1	UNKNOWN
ubuntu	13.04	noarch	libkdcraw	< 4:4.10.2-0ubuntu1.1	UNKNOWN
ubuntu	13.10	noarch	libkdcraw	< 4:4.10.4-0ubuntu2	UNKNOWN
ubuntu	14.04	noarch	libkdcraw	< 4:4.10.4-0ubuntu2	UNKNOWN
ubuntu	14.10	noarch	libkdcraw	< 4:4.10.4-0ubuntu2	UNKNOWN
ubuntu	15.04	noarch	libkdcraw	< 4:4.10.4-0ubuntu2	UNKNOWN
ubuntu	15.10	noarch	libkdcraw	< 4:4.10.4-0ubuntu2	UNKNOWN
ubuntu	16.04	noarch	libkdcraw	< 4:4.10.4-0ubuntu2	UNKNOWN
ubuntu	16.10	noarch	libkdcraw	< 4:4.10.4-0ubuntu2	UNKNOWN