Debian Security Advisory

DLA-243-1 libraw -- LTS security update

Date Reported:
10 Jun 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 786788.
In Mitre's CVE dictionary: CVE-2015-3885.
More information:

[This DLA supersedes my wrong announcement using DLA 241-1]

  • CVE-2015-3885

    Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

We recommend that you upgrade your libraw packages.