Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
{ "binaries": [ { "binary_version": "0.15.4-1ubuntu0.1", "binary_name": "libraw-bin" }, { "binary_version": "0.15.4-1ubuntu0.1", "binary_name": "libraw-bin-dbgsym" }, { "binary_version": "0.15.4-1ubuntu0.1", "binary_name": "libraw-dev" }, { "binary_version": "0.15.4-1ubuntu0.1", "binary_name": "libraw-doc" }, { "binary_version": "0.15.4-1ubuntu0.1", "binary_name": "libraw9" }, { "binary_version": "0.15.4-1ubuntu0.1", "binary_name": "libraw9-dbgsym" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "3.15.4-3ubuntu0.1+esm2", "binary_name": "libfreeimage-dev" }, { "binary_version": "3.15.4-3ubuntu0.1+esm2", "binary_name": "libfreeimage-dev-dbgsym" }, { "binary_version": "3.15.4-3ubuntu0.1+esm2", "binary_name": "libfreeimage3" }, { "binary_version": "3.15.4-3ubuntu0.1+esm2", "binary_name": "libfreeimage3-dbg" }, { "binary_version": "3.15.4-3ubuntu0.1+esm2", "binary_name": "libfreeimage3-dbgsym" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }