{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-29T00:00:00", "descriptions": [{"lang": "en", "value": "The \"faster LJPEG decoder\" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-11-15T10:00:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "DSA-2748", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2748"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad"}, {"name": "[oss-security] 20130829 [notification] libraw: multiple denial of service vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2013-1439", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"faster LJPEG decoder\" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-2748", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2748"}, {"name": "https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad", "refsource": "CONFIRM", "url": "https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad"}, {"name": "[oss-security] 20130829 [notification] libraw: multiple denial of service vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:04:48.425Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-2748", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2748"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad"}, {"name": "[oss-security] 20130829 [notification] libraw: multiple denial of service vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2013-1439", "datePublished": "2013-09-16T19:00:00", "dateReserved": "2013-01-26T00:00:00", "dateUpdated": "2024-08-06T15:04:48.425Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libraw:libraw:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "41959708-2D95-472D-B845-40EC10C51ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "03492249-E4F2-4696-AE8A-7111E3834490", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "8939A79E-5B9C-4389-9CEA-752899C4AAE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "0B566274-96B5-4966-9ECA-F78DBB8F0DFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C1C9DE3-EEFF-4C10-8212-1BDFAF900204", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "3DA5937A-9559-4A3D-B550-05512F639B89", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "93912D7A-FE0B-4ACE-9F96-64D6F0EDE5C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "9F3DBCCD-AC9F-4DAE-A6B2-13BA32F2575A", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "CA950266-7B17-4A01-B879-6DC30F793608", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "98C296C8-D525-4847-AA59-8CC46719D92E", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "1DFCCA04-3EED-48C5-9C70-7D3F0003C0D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A74AA57-4D88-4DF0-85A9-E7D6D1CEFF00", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "69FEC106-AC7E-4ED9-8963-3FD4817EC56B", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "05EEAF87-8CCE-48EC-86E7-EE28329D2A9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "D054474D-5C98-4797-9C15-217B8EBD55EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "333AFB23-DC69-4612-8C6D-097617993561", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "4BD3FC3C-52B7-45C6-84E6-6574767B2C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "25844B56-0F72-4FAA-9179-19659142A8C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "36D20992-4F53-4BBF-8CF8-C3128F07EAB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C98A25F-7E97-4FE9-86B6-C281AE330D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E52EC30-160B-4095-A269-DA8B7F0A11AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The \"faster LJPEG decoder\" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file."}, {"lang": "es", "value": "El \"faster LJPEG decoder\" en libraw versiones 0.13.x, 0.14.x, y versiones 0.15.x anteriores a 0.15.4, permite a los atacantes dependiendo del contexto causar una denegaci\u00f3n de servicio (desreferencia de un puntero NULL) por medio de un archivo de fotos dise\u00f1ado."}], "id": "CVE-2013-1439", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-09-16T19:14:37.693", "references": [{"source": "security@debian.org", "url": "http://www.debian.org/security/2013/dsa-2748"}, {"source": "security@debian.org", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}, {"source": "security@debian.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2748"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "LibRaw: multiple denial of service flaws", "id": "1002714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002714"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["The \"faster LJPEG decoder\" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file."], "name": "CVE-2013-1439", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2013-08-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1439\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1439"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}