CVE-2013-1438

EUVD-2013-1476
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
dave_coffindcraw
0.8.0
dave_coffindcraw
0.8.1
dave_coffindcraw
0.8.2
dave_coffindcraw
0.8.3
dave_coffindcraw
0.8.4
dave_coffindcraw
0.8.5
dave_coffindcraw
0.8.6
dave_coffindcraw
0.8.7
dave_coffindcraw
0.8.8
dave_coffindcraw
0.8.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
darktable
bookworm
4.2.1-4
fixed
bullseye
3.4.1-5
fixed
sid
4.8.1-2
fixed
squeeze
no-dsa
trixie
4.8.1-2
fixed
wheezy
no-dsa
dcraw
bookworm
9.28-3
fixed
bullseye
9.28-2
fixed
sid
9.28-7
fixed
squeeze
no-dsa
trixie
9.28-7
fixed
wheezy
no-dsa
exactimage
bookworm
1.0.2-11
fixed
bullseye
1.0.2-8
fixed
sid
1.0.2-12
fixed
squeeze
no-dsa
trixie
1.0.2-12
fixed
wheezy
no-dsa
libraw
bookworm
0.20.2-2.1
fixed
bullseye
0.20.2-1+deb11u1
fixed
bullseye (security)
0.20.2-1+deb11u1
fixed
sid
0.21.3-1
fixed
squeeze
no-dsa
trixie
0.21.3-1
fixed
wheezy
no-dsa
rawtherapee
bookworm
5.9-1
fixed
bullseye
5.8-3
fixed
sid
5.11-2
fixed
squeeze
no-dsa
trixie
5.11-2
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
darktable
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lucid
dne
lunar
not-affected
mantic
not-affected
noble
not-affected
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
not-affected
zesty
not-affected
dcraw
artful
ignored
bionic
needed
cosmic
ignored
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lucid
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
needed
yakkety
ignored
zesty
ignored
exactimage
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lucid
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
libkdcraw
artful
dne
bionic
dne
cosmic
dne
disco
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lucid
dne
lunar
dne
mantic
dne
noble
dne
precise
Fixed 4:4.8.5-0ubuntu0.3
released
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
not-affected
libraw
artful
Fixed 0.15.3-1ubuntu1
released
bionic
Fixed 0.15.3-1ubuntu1
released
cosmic
Fixed 0.15.3-1ubuntu1
released
disco
Fixed 0.15.3-1ubuntu1
released
eoan
Fixed 0.15.3-1ubuntu1
released
focal
Fixed 0.15.3-1ubuntu1
released
groovy
Fixed 0.15.3-1ubuntu1
released
hirsute
Fixed 0.15.3-1ubuntu1
released
impish
Fixed 0.15.3-1ubuntu1
released
jammy
Fixed 0.15.3-1ubuntu1
released
kinetic
Fixed 0.15.3-1ubuntu1
released
lucid
dne
lunar
Fixed 0.15.3-1ubuntu1
released
mantic
Fixed 0.15.3-1ubuntu1
released
noble
Fixed 0.15.3-1ubuntu1
released
precise
Fixed 0.14.4-0ubuntu2.2
released
quantal
Fixed 0.14.7-0ubuntu1.12.10.2
released
raring
Fixed 0.14.7-0ubuntu1.13.04.2
released
saucy
Fixed 0.15.3-1ubuntu1
released
trusty
Fixed 0.15.3-1ubuntu1
released
utopic
Fixed 0.15.3-1ubuntu1
released
vivid
Fixed 0.15.3-1ubuntu1
released
wily
Fixed 0.15.3-1ubuntu1
released
xenial
Fixed 0.15.3-1ubuntu1
released
yakkety
Fixed 0.15.3-1ubuntu1
released
zesty
Fixed 0.15.3-1ubuntu1
released
rawstudio
artful
dne
bionic
dne
cosmic
dne
disco
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lucid
ignored
lunar
dne
mantic
dne
noble
dne
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
rawtherapee
artful
ignored
bionic
needed
cosmic
ignored
disco
ignored
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lucid
dne
lunar
ignored
mantic
ignored
noble
needed
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
needed
yakkety
ignored
zesty
ignored
ufraw
artful
Fixed 0.19.2-2ubuntu1
released
bionic
Fixed 0.19.2-2ubuntu1
released
cosmic
Fixed 0.19.2-2ubuntu1
released
disco
Fixed 0.19.2-2ubuntu1
released
eoan
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lucid
ignored
lunar
dne
mantic
dne
noble
dne
precise
ignored
quantal
ignored
raring
ignored
saucy
Fixed 0.19.2-2ubuntu1
released
trusty
Fixed 0.19.2-2ubuntu1
released
utopic
Fixed 0.19.2-2ubuntu1
released
vivid
Fixed 0.19.2-2ubuntu1
released
wily
Fixed 0.19.2-2ubuntu1
released
xenial
Fixed 0.19.2-2ubuntu1
released
yakkety
Fixed 0.19.2-2ubuntu1
released
zesty
Fixed 0.19.2-2ubuntu1
released
xmbc
artful
dne
bionic
dne
cosmic
dne
disco
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lucid
dne
lunar
dne
mantic
dne
noble
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
References
http://www.debian.org/security/2013/dsa-2748
http://www.openwall.com/lists/oss-security/2013/08/29/3
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/62060
http://www.debian.org/security/2013/dsa-2748
http://www.openwall.com/lists/oss-security/2013/08/29/3
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/62060