Debian Security Advisory
DLA-243-1 libraw -- LTS security update
- Date Reported:
- 10 Jun 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 786788.
In Mitre's CVE dictionary: CVE-2015-3885.
- More information:
[This DLA supersedes my wrong announcement using DLA 241-1]
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
We recommend that you upgrade your libraw packages.