Vulnerability Description
The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libraw | Libraw | 0.13.0 |
References
- http://www.debian.org/security/2013/dsa-2748
- http://www.openwall.com/lists/oss-security/2013/08/29/3 (Exploit, Patch)
- https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad (Exploit, Patch)
FAQ
What is CVE-2013-1439?
CVE-2013-1439 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.
How severe is CVE-2013-1439?
CVE-2013-1439 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1439?
Check the references section above for vendor advisories and patch information. Affected products include: Libraw Libraw.