ID CVE-2013-1438
Summary Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.
References
Vulnerable Configurations
  • cpe:2.3:a:dave_coffin:dcraw:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_coffin:dcraw:0.8.9:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 28-11-2016 - 19:08)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 62060
confirm http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
debian DSA-2748
mlist [oss-security] 20130829 [notification] libraw: multiple denial of service vulnerabilities
Last major update 28-11-2016 - 19:08
Published 19-01-2014 - 18:02
Last modified 28-11-2016 - 19:08