UBUNTU-CVE-2015-3885

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2015-3885

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3885.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-3885

Related

Published

2015-05-19T00:00:00Z

Modified

2015-05-19T00:00:00Z

Summary

[none]

Details

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

References

Affected packages

Ubuntu:14.04:LTS / libraw

Package

Name: libraw
Purl: pkg:deb/ubuntu/libraw@0.15.4-1ubuntu0.1?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.15.4-1ubuntu0.1

Affected versions

0.*

0.15.3-1ubuntu1

0.15.4-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "libraw-bin-dbgsym": "0.15.4-1ubuntu0.1",
            "libraw-bin": "0.15.4-1ubuntu0.1",
            "libraw9-dbgsym": "0.15.4-1ubuntu0.1",
            "libraw-dev": "0.15.4-1ubuntu0.1",
            "libraw-doc": "0.15.4-1ubuntu0.1",
            "libraw9": "0.15.4-1ubuntu0.1"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / freeimage

Package

Name: freeimage
Purl: pkg:deb/ubuntu/freeimage@3.15.4-3ubuntu0.1+esm2?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.15.4-3ubuntu0.1+esm2

Affected versions

3.*

3.15.1-2build1

3.15.1-2build2

3.15.4-2

3.15.4-3

3.15.4-3ubuntu0.1

3.15.4-3ubuntu0.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "libfreeimage-dev": "3.15.4-3ubuntu0.1+esm2",
            "libfreeimage3-dbg": "3.15.4-3ubuntu0.1+esm2",
            "libfreeimage3": "3.15.4-3ubuntu0.1+esm2",
            "libfreeimage3-dbgsym": "3.15.4-3ubuntu0.1+esm2",
            "libfreeimage-dev-dbgsym": "3.15.4-3ubuntu0.1+esm2"
        }
    ]
}

Ubuntu:16.04:LTS / darktable

Package

Name: darktable
Purl: pkg:deb/ubuntu/darktable@1.6.8-1?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.8-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "darktable": "1.6.8-1",
            "darktable-dbg": "1.6.8-1",
            "darktable-dbgsym": "1.6.8-1"
        }
    ]
}

Ubuntu:16.04:LTS / freeimage

Package

Name: freeimage
Purl: pkg:deb/ubuntu/freeimage@3.15.4-6?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.15.4-6

Affected versions

3.*

3.15.4-4.1build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "libfreeimage-dev": "3.15.4-6",
            "libfreeimage3-dbg": "3.15.4-6",
            "libfreeimage3": "3.15.4-6",
            "libfreeimage3-dbgsym": "3.15.4-6",
            "libfreeimage-dev-dbgsym": "3.15.4-6"
        }
    ]
}

Ubuntu:16.04:LTS / libraw

Package

Name: libraw
Purl: pkg:deb/ubuntu/libraw@0.17.1-1?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.17.1-1

Affected versions

0.*

0.16.2-1

0.17.0-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "libraw-bin-dbgsym": "0.17.1-1",
            "libraw-bin": "0.17.1-1",
            "libraw15-dbgsym": "0.17.1-1",
            "libraw-dev": "0.17.1-1",
            "libraw-doc": "0.17.1-1",
            "libraw15": "0.17.1-1"
        }
    ]
}

Ubuntu:16.04:LTS / rawtherapee

Package

Name: rawtherapee
Purl: pkg:deb/ubuntu/rawtherapee@4.2-4?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2-4

Affected versions

4.*

4.2-2build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "rawtherapee-data": "4.2-4",
            "rawtherapee-dbgsym": "4.2-4",
            "rawtherapee": "4.2-4"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / dcraw

Package

Name: dcraw

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.21-0.2

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:Pro:16.04:LTS / kodi

Package

Name: kodi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

15.*

15.1+dfsg1-3

15.2+dfsg1-1build1

15.2+dfsg1-3

15.2+dfsg1-3ubuntu1

15.2+dfsg1-3ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:24.04:LTS / kodi

Package

Name: kodi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:20.*

2:20.2+dfsg-4

2:20.2+dfsg-4build1

2:20.2+dfsg-4build2

2:20.2+dfsg-4ubuntu1

2:20.3+dfsg-1

2:20.4+dfsg-1

2:20.5+dfsg-1build2

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}