{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "74590", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74590"}, {"name": "GLSA-201706-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-17"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5"}, {"name": "FEDORA-2015-8482", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html"}, {"name": "FEDORA-2015-8717", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html"}, {"name": "GLSA-201701-54", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-54"}, {"name": "FEDORA-2015-8706", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html"}, {"name": "FEDORA-2015-8671", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "FEDORA-2015-8170", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html"}, {"name": "FEDORA-2015-8621", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html"}, {"name": "FEDORA-2015-8699", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html"}, {"name": "FEDORA-2015-8647", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html"}, {"name": "20150511 [oCERT-2015-006] dcraw input sanitization errors", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/535513/100/0/threaded"}, {"name": "FEDORA-2015-8498", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2015-006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3885", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "74590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74590"}, {"name": "GLSA-201706-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-17"}, {"name": "https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5", "refsource": "CONFIRM", "url": "https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5"}, {"name": "FEDORA-2015-8482", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html"}, {"name": "FEDORA-2015-8717", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html"}, {"name": "GLSA-201701-54", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-54"}, {"name": "FEDORA-2015-8706", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html"}, {"name": "FEDORA-2015-8671", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "FEDORA-2015-8170", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html"}, {"name": "FEDORA-2015-8621", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html"}, {"name": "FEDORA-2015-8699", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html"}, {"name": "FEDORA-2015-8647", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html"}, {"name": "20150511 [oCERT-2015-006] dcraw input sanitization errors", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/535513/100/0/threaded"}, {"name": "FEDORA-2015-8498", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html"}, {"name": "http://www.ocert.org/advisories/ocert-2015-006.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2015-006.html"}, {"name": "https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e", "refsource": "CONFIRM", "url": "https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:56:16.330Z"}, "title": "CVE Program Container", "references": [{"name": "74590", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74590"}, {"name": "GLSA-201706-17", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201706-17"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5"}, {"name": "FEDORA-2015-8482", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html"}, {"name": "FEDORA-2015-8717", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html"}, {"name": "GLSA-201701-54", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-54"}, {"name": "FEDORA-2015-8706", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html"}, {"name": "FEDORA-2015-8671", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "FEDORA-2015-8170", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html"}, {"name": "FEDORA-2015-8621", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html"}, {"name": "FEDORA-2015-8699", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html"}, {"name": "FEDORA-2015-8647", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html"}, {"name": "20150511 [oCERT-2015-006] dcraw input sanitization errors", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/535513/100/0/threaded"}, {"name": "FEDORA-2015-8498", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2015-006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3885", "datePublished": "2015-05-19T18:00:00", "dateReserved": "2015-05-12T00:00:00", "dateUpdated": "2024-08-06T05:56:16.330Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dcraw_project:dcraw:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3177E37-D728-491F-8882-674B68960FB0", "versionEndIncluding": "7.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable."}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n ljpeg_start en dcraw 7.00 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una imagen manipulada, lo que provoca un desbordamiento de buffer, relacionado con la variable len."}], "id": "CVE-2015-3885", "lastModified": "2018-10-09T19:56:57.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-05-19T18:59:07.277", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.ocert.org/advisories/ocert-2015-006.html"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/535513/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/74590"}, {"source": "cve@mitre.org", "url": "https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5"}, {"source": "cve@mitre.org", "url": "https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-54"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201706-17"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "dcraw: input sanitization flaw leading to buffer overflow", "id": "1221249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221249"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-20->CWE-190->CWE-120", "details": ["Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.", "A flaw was discovered in the way dcraw processed Raw images. An attacker could use this flaw to cause dcraw to crash by tricking a user into processing a specially crafted Raw image file."], "name": "CVE-2015-3885", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "netpbm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "netpbm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libkdcraw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "netpbm", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3885\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3885\nhttp://www.ocert.org/advisories/ocert-2015-006.html"], "threat_severity": "Low", "upstream_fix": "LibRaw 0.16.1, LibRaw 0.17-Alpha3"}