Debian Security Advisory
DLA-228-1 exactimage -- LTS security update
- Date Reported:
- 28 May 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 786785.
In Mitre's CVE dictionary: CVE-2015-3885.
- More information:
A vulnerability has been discovered in the ExactImage image manipulation programs.
Eduardo Castellanos discovered an Integer overflow in the dcraw version included in ExactImage. This vulnerability allows remote attackers to cause a denial of service (crash) via a crafted image.
For the oldoldstable distribution (squeeze), these problems have been fixed in version 0.8.1-3+deb6u4.
For the oldstable, stable, and testing distributions, these problems will be fixed soon.