FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dcraw -- integer overflow condition

Affected packages
0.22.0 <= cinepaint
darktable < 1.6.7
7.00 <= dcraw < 9.26
0 <= dcraw-m
exact-image < 0.9.1
0 <= flphoto
3.13.0 <= freeimage < 3.16.0_1
kodi < 14.2_1
libraw < 0.16.1
lightzone < 4.1.2
netpbm < 10.35.96
0 <= opengtl
rawstudio < 2.0_11
ufraw < 0.21

Details

VuXML ID 57325ecf-facc-11e4-968f-b888e347c638
Discovery 2015-04-24
Entry 2015-05-15
Modified 2016-01-08

ocert reports:

The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow.

The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function.

A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition.

References

CVE Name CVE-2015-3885
URL http://www.ocert.org/advisories/ocert-2015-006.html
URL https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
URL https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
URL https://sourceforge.net/p/netpbm/code/2512/