Debian Security Advisory
DLA-243-1 libraw -- LTS security update
- Date Reported:
- 10 Jun 2015
- Affected Packages:
- libraw
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 786788.
In Mitre's CVE dictionary: CVE-2015-3885.
- More information:
- [This DLA supersedes my wrong announcement using DLA 241-1]
- CVE-2015-3885
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
We recommend that you upgrade your libraw packages.