Summary: | <media-gfx/dcraw-9.26.0: input sanitization errors (CVE-2015-3885) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Flags: | kensington: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/05/11/4 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | =media-gfx/dcraw-9.27.0 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-05-13 07:19:44 UTC
CVE-2015-3885 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3885): Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

@ Arches, please test and mark stable: =media-gfx/dcraw-9.27.0

Stable on alpha.

amd64 stable

x86 stable

arm stable

ppc stable

ppc64 stable

sparc stable

Stable for HPPA.

ia64 stable.

Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

vulnerable versions removed.

New GLSA request filed.

This issue was resolved and addressed in GLSA 201701-54 at https://security.gentoo.org/glsa/201701-54 by GLSA coordinator Aaron Bauman (b-man).