Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2015-3885

Published: May 19, 2015 | Modified: Oct 09, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
NEGLIGIBLE
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2015-3885
CWEhttps://cwe.mitre.org/data/definitions/189.html

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

Affected Software

Name Vendor Start Version End Version
Dcraw Dcraw_project * 7.00 (including)
Darktable Ubuntu precise *
Darktable Ubuntu trusty *
Darktable Ubuntu upstream *
Darktable Ubuntu utopic *
Darktable Ubuntu vivid *
Dcraw Ubuntu artful *
Dcraw Ubuntu esm-apps/xenial *
Dcraw Ubuntu precise *
Dcraw Ubuntu trusty *
Dcraw Ubuntu upstream *
Dcraw Ubuntu utopic *
Dcraw Ubuntu vivid *
Dcraw Ubuntu wily *
Dcraw Ubuntu xenial *
Dcraw Ubuntu yakkety *
Dcraw Ubuntu zesty *
Exactimage Ubuntu artful *
Exactimage Ubuntu precise *
Exactimage Ubuntu trusty *
Exactimage Ubuntu upstream *
Exactimage Ubuntu utopic *
Exactimage Ubuntu vivid *
Exactimage Ubuntu wily *
Exactimage Ubuntu yakkety *
Exactimage Ubuntu zesty *
Freeimage Ubuntu artful *
Freeimage Ubuntu precise *
Freeimage Ubuntu trusty *
Freeimage Ubuntu trusty/esm *
Freeimage Ubuntu upstream *
Freeimage Ubuntu utopic *
Freeimage Ubuntu vivid *
Freeimage Ubuntu wily *
Freeimage Ubuntu yakkety *
Freeimage Ubuntu zesty *
Kodi Ubuntu artful *
Kodi Ubuntu esm-apps/xenial *
Kodi Ubuntu upstream *
Kodi Ubuntu wily *
Kodi Ubuntu xenial *
Kodi Ubuntu yakkety *
Kodi Ubuntu zesty *
Libraw Ubuntu precise *
Libraw Ubuntu trusty *
Libraw Ubuntu upstream *
Libraw Ubuntu utopic *
Libraw Ubuntu vivid *
Libraw Ubuntu wily *
Rawstudio Ubuntu precise *
Rawstudio Ubuntu trusty *
Rawstudio Ubuntu upstream *
Rawtherapee Ubuntu precise *
Rawtherapee Ubuntu trusty *
Rawtherapee Ubuntu upstream *
Rawtherapee Ubuntu utopic *
Rawtherapee Ubuntu vivid *
Rawtherapee Ubuntu wily *
Ufraw Ubuntu artful *
Ufraw Ubuntu precise *
Ufraw Ubuntu trusty *
Ufraw Ubuntu upstream *
Ufraw Ubuntu utopic *
Ufraw Ubuntu vivid *
Ufraw Ubuntu wily *
Ufraw Ubuntu yakkety *
Ufraw Ubuntu zesty *
Xbmc Ubuntu precise *
Xbmc Ubuntu trusty *
Xbmc Ubuntu upstream *
Xbmc Ubuntu utopic *
Xbmc Ubuntu vivid *
Xbmc Ubuntu yakkety *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use