FreeBSD : dcraw -- integer overflow condition (57325ecf-facc-11e4-968f-b888e347c638)

Medium Nessus Plugin ID 83512


The remote FreeBSD host is missing one or more security-related updates.


ocert reports :

The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow.

The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function.

A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 83512

File Name: freebsd_pkg_57325ecffacc11e4968fb888e347c638.nasl

Version: $Revision: 2.10 $

Type: local

Published: 2015/05/18

Modified: 2016/01/11

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cinepaint, p-cpe:/a:freebsd:freebsd:darktable, p-cpe:/a:freebsd:freebsd:dcraw, p-cpe:/a:freebsd:freebsd:dcraw-m, p-cpe:/a:freebsd:freebsd:exact-image, p-cpe:/a:freebsd:freebsd:flphoto, p-cpe:/a:freebsd:freebsd:freeimage, p-cpe:/a:freebsd:freebsd:kodi, p-cpe:/a:freebsd:freebsd:libraw, p-cpe:/a:freebsd:freebsd:lightzone, p-cpe:/a:freebsd:freebsd:netpbm, p-cpe:/a:freebsd:freebsd:opengtl, p-cpe:/a:freebsd:freebsd:rawstudio, p-cpe:/a:freebsd:freebsd:ufraw, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/05/15

Vulnerability Publication Date: 2015/04/24

Reference Information

CVE: CVE-2015-3885