Executive Summary
Summary | |
---|---|
Title | exactimage security update |
Information | |||
---|---|---|---|
Name | DSA-2748 | First vendor Publication | 2013-09-01 |
Vendor | Debian | Last vendor Modification | 2013-09-01 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for processing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package. For the oldstable distribution (squeeze), this problem has been fixed in version 0.8.1-3+deb6u2. For the stable distribution (wheezy), this problem has been fixed in version 0.8.5-5+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 0.8.9-1. We recommend that you upgrade your exactimage packages. |
Original Source
Url : http://www.debian.org/security/2013/dsa-2748 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18469 | |||
Oval ID: | oval:org.mitre.oval:def:18469 | ||
Title: | DSA-2748-1 exactimage - denial of service | ||
Description: | Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for processing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2748-1 CVE-2013-1438 | Version: | 8 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | exactimage |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19262 | |||
Oval ID: | oval:org.mitre.oval:def:19262 | ||
Title: | USN-1964-1 -- libraw vulnerabilities | ||
Description: | LibRaw could be made to crash if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1964-1 CVE-2013-1438 CVE-2013-1439 | Version: | 5 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | libraw |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19384 | |||
Oval ID: | oval:org.mitre.oval:def:19384 | ||
Title: | USN-1978-1 -- libkdcraw vulnerabilities | ||
Description: | libKDcraw could be made to crash if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1978-1 CVE-2013-1438 CVE-2013-1439 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | libkdcraw |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20135 | |||
Oval ID: | oval:org.mitre.oval:def:20135 | ||
Title: | DSA-2754-1 exactimage - denial of service | ||
Description: | It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialised variable being passed to longjmp. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2754-1 CVE-2013-1441 CVE-2013-1438 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | exactimage |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-05-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2014-098.nasl - Type : ACT_GATHER_INFO |
2013-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22832.nasl - Type : ACT_GATHER_INFO |
2013-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22854.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22899.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22900.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22924.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22929.nasl - Type : ACT_GATHER_INFO |
2013-10-11 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-249.nasl - Type : ACT_GATHER_INFO |
2013-10-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1978-1.nasl - Type : ACT_GATHER_INFO |
2013-09-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1964-1.nasl - Type : ACT_GATHER_INFO |
2013-09-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-09.nasl - Type : ACT_GATHER_INFO |
2013-09-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2754.nasl - Type : ACT_GATHER_INFO |
2013-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2013-15562.nasl - Type : ACT_GATHER_INFO |
2013-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2013-15576.nasl - Type : ACT_GATHER_INFO |
2013-09-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2748.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:32:08 |
|
2014-01-19 21:34:40 |
|
2013-09-17 17:23:07 |
|
2013-09-17 00:28:06 |
|
2013-09-01 13:18:33 |
|