[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 243-1] libraw security update

Package        : libraw
Version        : 0.9.1-1+deb6u1
CVE ID         : CVE-2015-3885
Debian Bug     : 786788

[This DLA supersedes my wrong announcement using DLA 241-1]

 Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
 allows remote attackers to cause a denial of service (crash) via a
 crafted image, which triggers a buffer overflow, related to the len

We recommend that you upgrade your libraw packages.

Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A

Attachment: signature.asc
Description: Digital signature

Reply to: