Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
{ "availability": "No subscription required", "ubuntu_priority": "negligible", "binaries": [ { "libraw-bin-dbgsym": "0.15.4-1ubuntu0.1", "libraw-bin": "0.15.4-1ubuntu0.1", "libraw9-dbgsym": "0.15.4-1ubuntu0.1", "libraw-dev": "0.15.4-1ubuntu0.1", "libraw-doc": "0.15.4-1ubuntu0.1", "libraw9": "0.15.4-1ubuntu0.1" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "negligible", "binaries": [ { "libfreeimage-dev": "3.15.4-3ubuntu0.1+esm2", "libfreeimage3-dbg": "3.15.4-3ubuntu0.1+esm2", "libfreeimage3": "3.15.4-3ubuntu0.1+esm2", "libfreeimage3-dbgsym": "3.15.4-3ubuntu0.1+esm2", "libfreeimage-dev-dbgsym": "3.15.4-3ubuntu0.1+esm2" } ] }