Executive Summary
Summary | |
---|---|
Title | LibRaw, libkdcraw: Multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-201309-09 | First vendor Publication | 2013-09-15 |
Vendor | Gentoo | Last vendor Modification | 2013-09-15 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis | Multiple vulnerabilities have been found in LibRaw and libkdcraw, the worst of which may lead to arbitrary code execution. |
Background | |
Description | |
Impact | |
Workaround | |
Resolution | All libkdcraw users should upgrade to the latest version: |
References | |
Availability | http://security.gentoo.org/glsa/glsa-201309-09.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201309-09.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17013 | |||
Oval ID: | oval:org.mitre.oval:def:17013 | ||
Title: | USN-1885-1 -- libKDcraw vulnerability | ||
Description: | libKDcraw could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1885-1 CVE-2013-2126 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | libKDcraw |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17103 | |||
Oval ID: | oval:org.mitre.oval:def:17103 | ||
Title: | USN-1884-1 -- LibRaw vulnerability | ||
Description: | LibRaw could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1884-1 CVE-2013-2126 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | libraw |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18469 | |||
Oval ID: | oval:org.mitre.oval:def:18469 | ||
Title: | DSA-2748-1 exactimage - denial of service | ||
Description: | Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for processing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2748-1 CVE-2013-1438 | Version: | 8 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | exactimage |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19262 | |||
Oval ID: | oval:org.mitre.oval:def:19262 | ||
Title: | USN-1964-1 -- libraw vulnerabilities | ||
Description: | LibRaw could be made to crash if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1964-1 CVE-2013-1438 CVE-2013-1439 | Version: | 5 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | libraw |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19384 | |||
Oval ID: | oval:org.mitre.oval:def:19384 | ||
Title: | USN-1978-1 -- libkdcraw vulnerabilities | ||
Description: | libKDcraw could be made to crash if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1978-1 CVE-2013-1438 CVE-2013-1439 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | libkdcraw |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20135 | |||
Oval ID: | oval:org.mitre.oval:def:20135 | ||
Title: | DSA-2754-1 exactimage - denial of service | ||
Description: | It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialised variable being passed to longjmp. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2754-1 CVE-2013-1441 CVE-2013-1438 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | exactimage |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-567.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-538.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-537.nasl - Type : ACT_GATHER_INFO |
2014-05-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2014-098.nasl - Type : ACT_GATHER_INFO |
2013-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22832.nasl - Type : ACT_GATHER_INFO |
2013-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22854.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22899.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22900.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22924.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22929.nasl - Type : ACT_GATHER_INFO |
2013-10-11 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-249.nasl - Type : ACT_GATHER_INFO |
2013-10-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1978-1.nasl - Type : ACT_GATHER_INFO |
2013-09-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1964-1.nasl - Type : ACT_GATHER_INFO |
2013-09-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-09.nasl - Type : ACT_GATHER_INFO |
2013-09-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2754.nasl - Type : ACT_GATHER_INFO |
2013-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2013-15576.nasl - Type : ACT_GATHER_INFO |
2013-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2013-15562.nasl - Type : ACT_GATHER_INFO |
2013-09-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2748.nasl - Type : ACT_GATHER_INFO |
2013-07-31 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-13499.nasl - Type : ACT_GATHER_INFO |
2013-07-24 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-13112.nasl - Type : ACT_GATHER_INFO |
2013-07-24 | Name : The remote Fedora host is missing a security update. File : fedora_2013-13038.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-9798.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-9773.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-9722.nasl - Type : ACT_GATHER_INFO |
2013-06-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1884-1.nasl - Type : ACT_GATHER_INFO |
2013-06-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1885-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:37:44 | |
2014-01-19 21:34:41 | |
2013-09-17 00:28:06 | |
2013-09-15 09:21:11 | |