CVE-2015-3885

NameCVE-2015-3885
DescriptionInteger overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-228-1, DLA-243-1, DSA-3692-1
Debian Bugs785019, 786688, 786783, 786785, 786788, 786790, 786792, 792299

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
darktable (PTS)jessie1.4.2-1+deb8u1fixed
stretch2.2.1-3fixed
buster2.6.0-1fixed
bullseye3.4.1-5fixed
bookworm4.2.1-4fixed
sid, trixie4.6.1-2fixed
dcraw (PTS)jessie9.21-0.2vulnerable
stretch9.27-1fixed
buster, bullseye9.28-2fixed
bookworm9.28-3fixed
sid, trixie9.28-5fixed
exactimage (PTS)jessie, jessie (lts)0.8.9-7+deb8u3fixed
stretch0.9.1-16fixed
buster1.0.2-1+deb10u1fixed
bullseye1.0.2-8fixed
sid, trixie, bookworm1.0.2-11fixed
freeimage (PTS)jessie, jessie (lts)3.15.4-4.2+deb8u2fixed
stretch (security)3.17.0+ds1-5+deb9u1fixed
stretch (lts), stretch3.17.0+ds1-5+deb9u2fixed
buster3.18.0+ds2-1+deb10u1fixed
buster (security)3.18.0+ds2-1+deb10u2fixed
bullseye (security), bullseye3.18.0+ds2-6+deb11u1fixed
bookworm (security), bookworm3.18.0+ds2-9+deb12u1fixed
sid, trixie3.18.0+ds2-10fixed
kodi (PTS)stretch2:17.1+dfsg1-3fixed
buster2:17.6+dfsg1-4fixed
buster (security)2:17.6+dfsg1-4+deb10u1fixed
bullseye2:19.1+dfsg2-2+deb11u1fixed
bookworm2:20.1+dfsg-1fixed
trixie2:20.4+dfsg-1fixed
sid2:20.5+dfsg-2fixed
libraw (PTS)jessie, jessie (lts)0.16.0-9+deb8u6fixed
stretch (security)0.17.2-6+deb9u2fixed
stretch (lts), stretch0.17.2-6+deb9u5fixed
buster0.19.2-2fixed
buster (security)0.19.2-2+deb10u4fixed
bullseye (security), bullseye0.20.2-1+deb11u1fixed
bookworm0.20.2-2.1fixed
trixie0.21.2-2fixed
sid0.21.2-2.1fixed
rawtherapee (PTS)jessie4.2-1+deb8u2fixed
stretch5.0-1fixed
buster5.5-1fixed
bullseye5.8-3fixed
bookworm5.9-1fixed
sid, trixie5.10-1fixed
ufraw (PTS)jessie, jessie (lts)0.20-2+deb8u2fixed
stretch0.22-1.1fixed
buster0.22-4fixed
xbmc (PTS)jessie2:13.2+dfsg1-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
darktablesourcejessie1.4.2-1+deb8u1
darktablesource(unstable)1.6.7-1786792
dcrawsource(unstable)9.26-1785019
exactimagesourcesqueeze0.8.1-3+deb6u4DLA-228-1
exactimagesourcewheezy0.8.5-5+deb7u4
exactimagesourcejessie0.8.9-7+deb8u1
exactimagesource(unstable)0.9.1-5786785
freeimagesourcejessie3.15.4-4.2+deb8u1DSA-3692-1
freeimagesource(unstable)3.15.4-6786790
kodisource(unstable)16.0+dfsg1-1792299
librawsourcesqueeze0.9.1-1+deb6u1DLA-243-1
librawsourcewheezy0.14.6-2+deb7u1
librawsourcejessie0.16.0-9+deb8u1
librawsource(unstable)0.16.2-1786788
rawstudiosource(unstable)(unfixed)
rawtherapeesourcewheezy4.0.9-4+deb7u1
rawtherapeesourcejessie4.2-1+deb8u1
rawtherapeesource(unstable)4.2-2
ufrawsourcejessie0.20-2+deb8u1
ufrawsource(unstable)0.20-3786783
xbmcsource(unstable)2:13.2+dfsg1-5786688

Notes

[jessie] - dcraw <no-dsa> (Minor issue)
[wheezy] - dcraw <no-dsa> (Minor issue)
[squeeze] - dcraw <no-dsa> (Minor issue)
[wheezy] - ufraw <no-dsa> (Minor issue)
[squeeze] - ufraw <no-dsa> (Minor issue)
[squeeze] - libraw <no-dsa> (Minor issue)
[squeeze] - rawtherapee <no-dsa> (Minor issue)
[wheezy] - rawstudio <no-dsa> (Minor issue)
[squeeze] - rawstudio <no-dsa> (Minor issue)
[jessie] - xbmc <no-dsa> (Minor issue)
[wheezy] - xbmc <no-dsa> (Minor issue)
[squeeze] - exactimage <no-dsa> (Minor issue)
[wheezy] - freeimage <no-dsa> (Minor issue)
[squeeze] - freeimage <no-dsa> (Minor issue)
[wheezy] - darktable <no-dsa> (Minor issue)
http://www.ocert.org/advisories/ocert-2015-006.html
https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start
Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
Search for package or bug name: Reporting problems