CVE-2013-2126

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
librawlibraw
𝑥
≤ 0.15.1
librawlibraw
0.15.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
darktable
bullseye
3.4.1-5
fixed
wheezy
no-dsa
squeeze
not-affected
bookworm
4.2.1-4
fixed
sid
4.8.1-2
fixed
trixie
4.8.1-2
fixed
libraw
bullseye (security)
0.20.2-1+deb11u1
fixed
bullseye
0.20.2-1+deb11u1
fixed
wheezy
no-dsa
squeeze
not-affected
bookworm
0.20.2-2.1
fixed
sid
0.21.3-1
fixed
trixie
0.21.3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
darktable
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
dne
libkdcraw
zesty
Fixed 4:4.10.4-0ubuntu2
released
yakkety
Fixed 4:4.10.4-0ubuntu2
released
xenial
Fixed 4:4.10.4-0ubuntu2
released
wily
Fixed 4:4.10.4-0ubuntu2
released
vivid
Fixed 4:4.10.4-0ubuntu2
released
utopic
Fixed 4:4.10.4-0ubuntu2
released
trusty
Fixed 4:4.10.4-0ubuntu2
released
saucy
Fixed 4:4.10.4-0ubuntu2
released
raring
Fixed 4:4.10.2-0ubuntu1.1
released
quantal
Fixed 4:4.9.2-0ubuntu1.1
released
precise
Fixed 4:4.8.5-0ubuntu0.2
released
lucid
dne
libraw
zesty
Fixed 0.14.7-2ubuntu1
released
yakkety
Fixed 0.14.7-2ubuntu1
released
xenial
Fixed 0.14.7-2ubuntu1
released
wily
Fixed 0.14.7-2ubuntu1
released
vivid
Fixed 0.14.7-2ubuntu1
released
utopic
Fixed 0.14.7-2ubuntu1
released
trusty
Fixed 0.14.7-2ubuntu1
released
saucy
Fixed 0.14.7-2ubuntu1
released
raring
Fixed 0.14.7-0ubuntu1.13.04.1
released
quantal
Fixed 0.14.7-0ubuntu1.12.10.1
released
precise
Fixed 0.14.4-0ubuntu2.1
released
lucid
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00195.html
http://secunia.com/advisories/53547
http://secunia.com/advisories/53883
http://secunia.com/advisories/53888
http://secunia.com/advisories/53938
http://www.libraw.org/news/libraw-0-15-2
http://www.openwall.com/lists/oss-security/2013/05/29/7
http://www.openwall.com/lists/oss-security/2013/06/10/1
http://www.ubuntu.com/usn/USN-1884-1
http://www.ubuntu.com/usn/USN-1885-1
https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00195.html
http://secunia.com/advisories/53547
http://secunia.com/advisories/53883
http://secunia.com/advisories/53888
http://secunia.com/advisories/53938
http://www.libraw.org/news/libraw-0-15-2
http://www.openwall.com/lists/oss-security/2013/05/29/7
http://www.openwall.com/lists/oss-security/2013/06/10/1
http://www.ubuntu.com/usn/USN-1884-1
http://www.ubuntu.com/usn/USN-1885-1
https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6