CVE-2013-1439 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 64%

Affected Products (NVD)

Vendor	Product	Version
libraw	libraw	0.13.0
libraw	libraw	0.13.1
libraw	libraw	0.13.2
libraw	libraw	0.13.3
libraw	libraw	0.13.4
libraw	libraw	0.13.5
libraw	libraw	0.13.6
libraw	libraw	0.13.7
libraw	libraw	0.13.8
libraw	libraw	0.14.0
libraw	libraw	0.14.1
libraw	libraw	0.14.2
libraw	libraw	0.14.3
libraw	libraw	0.14.4
libraw	libraw	0.14.5
libraw	libraw	0.14.6
libraw	libraw	0.14.7
libraw	libraw	0.15.0
libraw	libraw	0.15.1
libraw	libraw	0.15.2
libraw	libraw	0.15.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

darktable

bookworm	4.2.1-4 fixed
bullseye	3.4.1-5 fixed
sid	4.8.1-2 fixed
squeeze	no-dsa
trixie	4.8.1-2 fixed
wheezy	no-dsa

libraw

bookworm	0.20.2-2.1 fixed
bullseye	0.20.2-1+deb11u1 fixed
bullseye (security)	0.20.2-1+deb11u1 fixed
sid	0.21.3-1 fixed
squeeze	no-dsa
trixie	0.21.3-1 fixed
wheezy	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

darktable

artful	ignored
bionic	not-affected
cosmic	not-affected
disco	not-affected
lucid	dne
precise	ignored
quantal	ignored
raring	ignored
saucy	ignored
trusty	dne
utopic	ignored
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	ignored
zesty	ignored

libkdcraw

artful	dne
bionic	dne
cosmic	dne
disco	dne
lucid	dne
precise	Fixed 4:4.8.5-0ubuntu0.3 released
quantal	ignored
raring	ignored
saucy	ignored
trusty	dne
utopic	ignored
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	ignored
zesty	not-affected

libraw

artful	Fixed 0.15.3-1ubuntu1 released
bionic	Fixed 0.15.3-1ubuntu1 released
cosmic	Fixed 0.15.3-1ubuntu1 released
disco	Fixed 0.15.3-1ubuntu1 released
lucid	dne
precise	not-affected
quantal	Fixed 0.14.7-0ubuntu1.12.10.2 released
raring	Fixed 0.14.7-0ubuntu1.13.04.2 released
saucy	Fixed 0.15.3-1ubuntu1 released
trusty	Fixed 0.15.3-1ubuntu1 released
utopic	Fixed 0.15.3-1ubuntu1 released
vivid	Fixed 0.15.3-1ubuntu1 released
wily	Fixed 0.15.3-1ubuntu1 released
xenial	Fixed 0.15.3-1ubuntu1 released
yakkety	Fixed 0.15.3-1ubuntu1 released
zesty	Fixed 0.15.3-1ubuntu1 released

Known Exploits!

References

http://www.debian.org/security/2013/dsa-2748

http://www.openwall.com/lists/oss-security/2013/08/29/3

https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad

http://www.debian.org/security/2013/dsa-2748

http://www.openwall.com/lists/oss-security/2013/08/29/3

https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad