Vulnerability Description
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dave Coffin | Dcraw | 0.8.0 |
References
- http://www.debian.org/security/2013/dsa-2748
- http://www.openwall.com/lists/oss-security/2013/08/29/3
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securityfocus.com/bid/62060
FAQ
What is CVE-2013-1438?
CVE-2013-1438 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file...
How severe is CVE-2013-1438?
CVE-2013-1438 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-1438?
Check the references section above for vendor advisories and patch information. Affected products include: Dave Coffin Dcraw.