CVE-2013-2127

Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
librawlibraw
𝑥
≤ 0.15.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
darktable
bookworm
4.2.1-4
fixed
bullseye
3.4.1-5
fixed
sid
4.8.1-2
fixed
trixie
4.8.1-2
fixed
libraw
bookworm
0.20.2-2.1
fixed
bullseye
0.20.2-1+deb11u1
fixed
bullseye (security)
0.20.2-1+deb11u1
fixed
sid
0.21.3-1
fixed
trixie
0.21.3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
darktable
lucid
dne
precise
not-affected
quantal
not-affected
raring
not-affected
libkdcraw
lucid
dne
precise
not-affected
quantal
not-affected
raring
Fixed 4:4.10.2-0ubuntu1.1
released
libraw
lucid
dne
precise
not-affected
quantal
not-affected
raring
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libraw-devel
suse enterprise desktop 15
0.18.9-1.9
fixed
suse enterprise desktop 15 SP1
0.18.9-3.8.1
fixed
suse enterprise desktop 15 SP2
0.18.9-3.8.1
fixed
suse enterprise sap 15
0.18.9-1.9
fixed
suse enterprise sap 15 SP1
0.18.9-3.8.1
fixed
suse enterprise sap 15 SP2
0.18.9-3.8.1
fixed
suse enterprise server 15
0.18.9-1.9
fixed
suse enterprise server 15 SP1
0.18.9-3.8.1
fixed
suse enterprise server 15 SP2
0.18.9-3.8.1
fixed
suse enterprise workstation 15
0.18.9-1.9
fixed
suse enterprise workstation 15 SP1
0.18.9-3.8.1
fixed
suse enterprise workstation 15 SP2
0.18.9-3.8.1
fixed
libraw16
suse enterprise desktop 15
0.18.9-1.9
fixed
suse enterprise desktop 15 SP1
0.18.9-3.8.1
fixed
suse enterprise desktop 15 SP2
0.18.9-3.8.1
fixed
suse enterprise sap 15
0.18.9-1.9
fixed
suse enterprise sap 15 SP1
0.18.9-3.8.1
fixed
suse enterprise sap 15 SP2
0.18.9-3.8.1
fixed
suse enterprise server 15
0.18.9-1.9
fixed
suse enterprise server 15 SP1
0.18.9-3.8.1
fixed
suse enterprise server 15 SP2
0.18.9-3.8.1
fixed
suse enterprise workstation 15
0.18.9-1.9
fixed
suse enterprise workstation 15 SP1
0.18.9-3.8.1
fixed
suse enterprise workstation 15 SP2
0.18.9-3.8.1
fixed
Common Weakness Enumeration
References
http://secunia.com/advisories/53547
http://www.libraw.org/news/libraw-0-15-1
http://www.openwall.com/lists/oss-security/2013/05/29/7
https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d
http://secunia.com/advisories/53547
http://www.libraw.org/news/libraw-0-15-1
http://www.openwall.com/lists/oss-security/2013/05/29/7
https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d