Fluid Attacks Database

Description

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	dcraw	>=0 <9.26-1	9.26-1
debian 13	freeimage	>=0 <3.15.4-6	3.15.4-6
debian 12	darktable	>=0 <1.6.7-1	1.6.7-1
debian 13	kodi	>=0 <16.0+dfsg1-1	16.0+dfsg1-1
debian 11	rawtherapee	>=0 <4.2-2	4.2-2
debian 12	rawtherapee	>=0 <4.2-2	4.2-2
debian 11	libraw	>=0 <0.16.2-1	0.16.2-1
debian 14	exactimage	>=0 <0.9.1-5	0.9.1-5
debian 11	freeimage	>=0 <3.15.4-6	3.15.4-6
debian 12	freeimage	>=0 <3.15.4-6	3.15.4-6

1-10 of 36

Aliases

1. CVE-2015-38852. NVD-2015-38853. OSV-DEBIAN-2015-38854. OSV-2015-38855. SECURITY-TRACKER-CVE-2015-3885

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.