CVE-2015-3885

EPSS 3.6%

freeimage - security update

發布日:2015/5/19修改日:2026/5/20

也稱為:DEBIAN-CVE-2015-3885

描述

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

受影響套件(10)

Debian/darktablefrom 0, < 1.6.7-1
Debian/dcrawfrom 0, < 9.26-1
Debian/exactimagefrom 0, < 0.8.1-3+deb6u4
Debian/exactimagefrom 0, < 0.9.1-5
Debian/freeimagefrom 0, < 3.15.4-4.2+deb8u1
Debian/freeimagefrom 0, < 3.15.4-6
Debian/kodifrom 0, < 16.0+dfsg1-1
Debian/librawfrom 0, < 0.9.1-1+deb6u1
Debian/librawfrom 0, < 0.16.2-1
Debian/rawtherapeefrom 0, < 4.2-2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3885