CVE-2015-3885

Name: CVE-2015-3885
Description: Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-228-1, DLA-243-1, DSA-3692-1
NVD severity: medium (attack range: remote)
Debian Bugs: 785019, 786688, 786783, 786785, 786788, 786790, 786792, 792299

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| darktable (PTS) | wheezy | 1.0.4-1+deb7u2 | vulnerable |
| | jessie | 1.4.2-1+deb8u1 | fixed |
| | stretch | 2.2.1-3 | fixed |
| | buster, sid | 2.2.5-2 | fixed |
| dcraw (PTS) | wheezy | 8.99-1 | vulnerable |
| | jessie | 9.21-0.2 | vulnerable |
| | buster, sid, stretch | 9.27-1 | fixed |
| exactimage (PTS) | wheezy | 0.8.5-5+deb7u4 | fixed |
| | wheezy (security) | 0.8.5-5+deb7u3 | vulnerable |
| | jessie | 0.8.9-7+deb8u2 | fixed |
| | stretch | 0.9.1-16 | fixed |
| | buster | 0.9.2-1 | fixed |
| | sid | 1.0.1-1 | fixed |
| freeimage (PTS) | wheezy | 3.15.1-1.1 | vulnerable |
| | wheezy (security) | 3.15.1-1.1+deb7u1 | vulnerable |
| | jessie (security), jessie | 3.15.4-4.2+deb8u1 | fixed |
| | buster, sid, stretch | 3.17.0+ds1-5 | fixed |
| kodi (PTS) | stretch | 2:17.1+dfsg1-3 | fixed |
| | sid | 2:17.3+dfsg1-5 | fixed |
| libraw (PTS) | wheezy | 0.14.6-2+deb7u1 | fixed |
| | wheezy (security) | 0.14.6-2+deb7u3 | fixed |
| | jessie | 0.16.0-9+deb8u2 | fixed |
| | jessie (security) | 0.16.0-9+deb8u3 | fixed |
| | stretch (security), stretch | 0.17.2-6+deb9u1 | fixed |
| | buster, sid | 0.18.5-1 | fixed |
| rawstudio (PTS) | wheezy | 2.0-1.1 | vulnerable |
| rawtherapee (PTS) | wheezy | 4.0.9-4+deb7u1 | fixed |
| | jessie | 4.2-1+deb8u2 | fixed |
| | stretch | 5.0-1 | fixed |
| | buster, sid | 5.3-1 | fixed |
| ufraw (PTS) | wheezy | 0.18-2 | vulnerable |
| | jessie | 0.20-2+deb8u1 | fixed |
| | buster, sid, stretch | 0.22-1.1 | fixed |
| xbmc (PTS) | wheezy | 2:11.0~git20120510.82388d5-1 | vulnerable |
| | jessie | 2:13.2+dfsg1-4 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| darktable | source | (unstable) | 1.6.7-1 | medium | | 786792 |
| darktable | source | jessie | 1.4.2-1+deb8u1 | medium | | |
| dcraw | source | (unstable) | 9.26-1 | medium | | 785019 |
| exactimage | source | (unstable) | 0.9.1-5 | medium | | 786785 |
| exactimage | source | jessie | 0.8.9-7+deb8u1 | medium | | |
| exactimage | source | squeeze | 0.8.1-3+deb6u4 | medium | DLA-228-1 | |
| exactimage | source | wheezy | 0.8.5-5+deb7u4 | medium | | |
| freeimage | source | (unstable) | 3.15.4-6 | medium | | 786790 |
| freeimage | source | jessie | 3.15.4-4.2+deb8u1 | medium | DSA-3692-1 | |
| kodi | source | (unstable) | 16.0+dfsg1-1 | medium | | 792299 |
| libraw | source | (unstable) | 0.16.2-1 | medium | | 786788 |
| libraw | source | jessie | 0.16.0-9+deb8u1 | medium | | |
| libraw | source | squeeze | 0.9.1-1+deb6u1 | medium | DLA-243-1 | |
| libraw | source | wheezy | 0.14.6-2+deb7u1 | medium | | |
| rawstudio | source | (unstable) | (unfixed) | medium | | |
| rawtherapee | source | (unstable) | 4.2-2 | medium | | |
| rawtherapee | source | jessie | 4.2-1+deb8u1 | medium | | |
| rawtherapee | source | wheezy | 4.0.9-4+deb7u1 | medium | | |
| ufraw | source | (unstable) | 0.20-3 | medium | | 786783 |
| ufraw | source | jessie | 0.20-2+deb8u1 | medium | | |
| xbmc | source | (unstable) | 2:13.2+dfsg1-5 | medium | | 786688 |

Notes

[jessie] - dcraw <no-dsa> (Minor issue)
[wheezy] - dcraw <no-dsa> (Minor issue)
[squeeze] - dcraw <no-dsa> (Minor issue)
[wheezy] - ufraw <no-dsa> (Minor issue)
[squeeze] - ufraw <no-dsa> (Minor issue)
[squeeze] - libraw <no-dsa> (Minor issue)
[squeeze] - rawtherapee <no-dsa> (Minor issue)
[wheezy] - rawstudio <no-dsa> (Minor issue)
[squeeze] - rawstudio <no-dsa> (Minor issue)
[jessie] - xbmc <no-dsa> (Minor issue)
[wheezy] - xbmc <no-dsa> (Minor issue)
[squeeze] - exactimage <no-dsa> (Minor issue)
[wheezy] - freeimage <no-dsa> (Minor issue)
[squeeze] - freeimage <no-dsa> (Minor issue)
[wheezy] - darktable <no-dsa> (Minor issue)
http://www.ocert.org/advisories/ocert-2015-006.html
https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start
Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
