Vulnerabilities > CVE-2015-3885 - Numeric Errors vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-228.NASL description A vulnerability has been discovered in the ExactImage image manipulation programs. CVE-2015-3885 Eduardo Castellanos discovered an Integer overflow in the dcraw version included in ExactImage. This vulnerability allows remote attackers to cause a denial of service (crash) via a crafted image. For the oldoldstable distribution (squeeze), these problems have been fixed in version 0.8.1-3+deb6u4. For the oldstable, stable, and testing distributions, these problems will be fixed soon. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-05-29 plugin id 83886 published 2015-05-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83886 title Debian DLA-228-1 : exactimage security update code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-228-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

# Purpose: package-version check for the exactimage packages on Debian 6.0,
# using 0.8.1-3+deb6u4 (the version the advisory names as fixed) as reference.

include("compat.inc");

# Metadata branch: taken only when `description` is set; it registers the
# plugin's attributes and exits before any host data is examined.
if (description)
{
  script_id(83886);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2015-3885");
  script_bugtraq_id(74590);

  script_name(english:"Debian DLA-228-1 : exactimage security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A vulnerability has been discovered in the ExactImage image manipulation programs. 
CVE-2015-3885 Eduardo Castellanos discovered an Integer overflow in the dcraw version included in ExactImage. This vulnerability allows remote attackers to cause a denial of service (crash) via a crafted image. For the oldoldstable distribution (squeeze), these problems have been fixed in version 0.8.1-3+deb6u4. For the oldstable, stable, and testing distributions, these problems will be fixed soon. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/05/msg00015.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/exactimage"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  # CVSS2 base vector: network-reachable, medium complexity, no authentication,
  # partial availability impact only -- consistent with the crash-only description.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # "local" plugin type: the check reads package data collected from the host,
  # it does not probe a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:exactimage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:exactimage-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:exactimage-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libexactimage-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-exactimage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-exactimage");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # The three required KB keys are presumably populated by ssh_get_info.nasl
  # during a credentialed scan -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions: each missing KB item ends in an audit() call with a specific
# reason. audit() lives in audit.inc (not shown); presumably it stops the run,
# so a host without local checks is "not assessed", not "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


# One deb_check() per binary package, all against the same fixed version.
# deb_check() is defined in debian_package.inc (not shown); presumably it is
# true when the installed package on that release is older than `reference`.
# NOTE(review): this compares package versions only; a copy of dcraw bundled
# into software installed outside dpkg would not be seen by this check.
flag = 0;
if (deb_check(release:"6.0", prefix:"exactimage", reference:"0.8.1-3+deb6u4")) flag++;
if (deb_check(release:"6.0", prefix:"exactimage-dbg", reference:"0.8.1-3+deb6u4")) flag++;
if (deb_check(release:"6.0", prefix:"exactimage-perl", reference:"0.8.1-3+deb6u4")) flag++;
if (deb_check(release:"6.0", prefix:"libexactimage-perl", reference:"0.8.1-3+deb6u4")) flag++;
if (deb_check(release:"6.0", prefix:"php5-exactimage", reference:"0.8.1-3+deb6u4")) flag++;
if (deb_check(release:"6.0", prefix:"python-exactimage", reference:"0.8.1-3+deb6u4")) flag++;

# Any hit is reported once on port 0; the per-package detail from
# deb_report_get() is attached only when report_verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-60.NASL description The remote host is affected by the vulnerability described in GLSA-201701-60 (LibRaw: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details. Impact : An attacker could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96746 published 2017-01-25 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96746 title GLSA-201701-60 : LibRaw: Multiple vulnerabilities code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201701-60.
#
# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

# Purpose: package-version check for media-libs/libraw on Gentoo, with 0.17.1
# as the boundary between the vulnerable and unaffected ranges.

include("compat.inc");

# Metadata branch: taken only when `description` is set; it registers the
# plugin's attributes and exits before any host data is examined.
if (description)
{
  script_id(96746);
  script_version("3.3");
  script_cvs_date("Date: 2020/01/22");

  # This advisory bundles three CVEs, so a hit does not identify which of them
  # applies to the installed version.
  script_cve_id("CVE-2015-3885", "CVE-2015-8366", "CVE-2015-8367");
  script_xref(name:"GLSA", value:"201701-60");

  script_name(english:"GLSA-201701-60 : LibRaw: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201701-60 (LibRaw: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details. 
Impact : An attacker could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201701-60"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All LibRaw users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libraw-0.17.1'"
  );
  # NOTE(review): these vectors claim partial/high C, I and A impact at low
  # complexity, i.e. they rate the whole advisory. The Debian and Fedora
  # plugins for CVE-2015-3885 alone use AV:N/AC:M/Au:N/C:N/I:N/A:P, so do not
  # read this score as the severity of that single CVE.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  # "local" plugin type: the check reads package data collected from the host,
  # it does not probe a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libraw");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  # The three required KB keys are presumably populated by ssh_get_info.nasl
  # during a credentialed scan -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions: each missing KB item ends in an audit() call with a specific
# reason. audit() lives in audit.inc (not shown); presumably it stops the run,
# so a host without local checks is "not assessed", not "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


# qpkg_check() is defined in qpkg.inc (not shown). The ranges passed here are
# "lt 0.17.1" as vulnerable and "ge 0.17.1" as unaffected.
# NOTE(review): this compares package versions only; dcraw code shipped inside
# other packages or built from source outside portage is not covered.
flag = 0;

if (qpkg_check(package:"media-libs/libraw", unaffected:make_list("ge 0.17.1"), vulnerable:make_list("lt 0.17.1"))) flag++;

# Reported with security_hole() (the other plugins for this CVE on the page
# use security_warning()), in line with the higher advisory-wide score above.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # No hit: distinguish "package present but not affected" from "package not
  # installed", based on whether qpkg_tests_get() returns anything.
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LibRaw");
}
NASL family Fedora Local Security Checks NASL id FEDORA_2015-8647.NASL description This update contains a fix for a bug which could cause dcraw write past array boundaries. Additionally, it updates dcraw to version 9,25.0 which contains updated color matrices and supports the Canon EOS 5DS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-06-09 plugin id 84030 published 2015-06-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84030 title Fedora 21 : dcraw-9.25.0-2.fc21 (2015-8647) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-8647.
#

# Purpose: rpm-version check for the dcraw package on Fedora 21, using
# dcraw-9.25.0-2.fc21 as the reference build.

include("compat.inc");

# Metadata branch: taken only when `description` is set; it registers the
# plugin's attributes and exits before any host data is examined.
if (description)
{
  script_id(84030);
  script_version("2.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2015-3885");
  script_xref(name:"FEDORA", value:"2015-8647");

  script_name(english:"Fedora 21 : dcraw-9.25.0-2.fc21 (2015-8647)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update contains a fix for a bug which could cause dcraw write past array boundaries. Additionally, it updates dcraw to version 9,25.0 which contains updated color matrices and supports the Canon EOS 5DS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1221249"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2cd0415b"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected dcraw package.");
  # CVSS2 base vector: network-reachable, medium complexity, no authentication,
  # partial availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  # "local" plugin type: the check reads package data collected from the host,
  # it does not probe a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dcraw");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # The three required KB keys are presumably populated by ssh_get_info.nasl
  # during a credentialed scan -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions: each failed gate ends in an audit() call with a specific
# reason. audit() lives in audit.inc (not shown); presumably it stops the run,
# so a gated-out host is "not assessed", not "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# ">!<" is NASL's "substring not found" operator: the release string must
# mention Fedora at all before the major version is parsed out of it.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only major version 21 continues; the ([^0-9]|$) tail keeps "210" from matching.
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Only x86_64 and i386-i686 hosts are evaluated; any other CPU string audits
# out as "local checks not implemented".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed dcraw rpm is older than the reference build.
# NOTE(review): this compares package versions only; dcraw code embedded in
# other packages is handled by their own advisories, not by this check.
flag = 0;
if (rpm_check(release:"FC21", reference:"dcraw-9.25.0-2.fc21")) flag++;


# A hit is reported once on port 0; the detail from rpm_report_get() is
# attached only when report_verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No hit: distinguish "package present but not affected" from "package not
  # installed", based on whether pkg_tests_get() returns anything.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dcraw");
}
NASL family Fedora Local Security Checks NASL id FEDORA_2015-8247.NASL description Patch for ljpeg_start() vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-27 plugin id 83831 published 2015-05-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83831 title Fedora 20 : LibRaw-0.15.4-2.fc20 (2015-8247) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-8247.
#

# Purpose: rpm-version check for the LibRaw package on Fedora 20, using
# LibRaw-0.15.4-2.fc20 as the reference build.

include("compat.inc");

# Metadata branch: taken only when `description` is set; it registers the
# plugin's attributes and exits before any host data is examined.
if (description)
{
  script_id(83831);
  script_version("2.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2015-3885");
  script_xref(name:"FEDORA", value:"2015-8247");

  script_name(english:"Fedora 20 : LibRaw-0.15.4-2.fc20 (2015-8247)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Patch for ljpeg_start() vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1221250"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158582.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?10e33a72"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected LibRaw package."
  );
  # CVSS2 base vector: network-reachable, medium complexity, no authentication,
  # partial availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  # "local" plugin type: the check reads package data collected from the host,
  # it does not probe a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:LibRaw");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # The three required KB keys are presumably populated by ssh_get_info.nasl
  # during a credentialed scan -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions: each failed gate ends in an audit() call with a specific
# reason. audit() lives in audit.inc (not shown); presumably it stops the run,
# so a gated-out host is "not assessed", not "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# ">!<" is NASL's "substring not found" operator: the release string must
# mention Fedora at all before the major version is parsed out of it.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only major version 20 continues; the ([^0-9]|$) tail keeps "200" from matching.
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Only x86_64 and i386-i686 hosts are evaluated; any other CPU string audits
# out as "local checks not implemented".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed LibRaw rpm is older than the reference build.
# NOTE(review): this compares the LibRaw package version only; applications
# that carry their own copy of the dcraw code are not covered by this check.
flag = 0;
if (rpm_check(release:"FC20", reference:"LibRaw-0.15.4-2.fc20")) flag++;


# A hit is reported once on port 0; the detail from rpm_report_get() is
# attached only when report_verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No hit: distinguish "package present but not affected" from "package not
  # installed", based on whether pkg_tests_get() returns anything.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LibRaw");
}
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-243.NASL description [This DLA supersedes my wrong announcement using DLA 241-1] CVE-2015-3885: Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. We recommend that you upgrade your libraw packages. -- Matteo F. Vescovi || Debian Developer GnuPG KeyID: 4096R/0x8062398983B2CF7A NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-06-11 plugin id 84094 published 2015-06-11 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84094 title Debian DLA-243-1 : libraw security update code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-243-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

# Purpose: package-version check for libraw-dev and libraw-doc on Debian 6.0,
# using 0.9.1-1+deb6u1 as the reference version.

include("compat.inc");

# Metadata branch: taken only when `description` is set; it registers the
# plugin's attributes and exits before any host data is examined.
if (description)
{
  script_id(84094);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2015-3885");
  script_bugtraq_id(74590);

  script_name(english:"Debian DLA-243-1 : libraw security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"[This DLA supersedes my wrong announcement using DLA 241-1] CVE-2015-3885: Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. We recommend that you upgrade your libraw packages. -- Matteo F. Vescovi || Debian Developer GnuPG KeyID: 4096R/0x8062398983B2CF7A NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/06/msg00007.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/libraw"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the affected libraw-dev, and libraw-doc packages."
  );
  # CVSS2 base vector: network-reachable, medium complexity, no authentication,
  # partial availability impact only -- consistent with the crash-only description.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # "local" plugin type: the check reads package data collected from the host,
  # it does not probe a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libraw-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libraw-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # The three required KB keys are presumably populated by ssh_get_info.nasl
  # during a credentialed scan -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions: each missing KB item ends in an audit() call with a specific
# reason. audit() lives in audit.inc (not shown); presumably it stops the run,
# so a host without local checks is "not assessed", not "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


# deb_check() is defined in debian_package.inc (not shown); presumably it is
# true when the installed package on that release is older than `reference`.
# NOTE(review): only the -dev and -doc packages are tested here, so a hit says
# that build-time files are outdated; software already built against the old
# libraw may need rebuilding as well -- confirm how libraw is linked on squeeze.
flag = 0;
if (deb_check(release:"6.0", prefix:"libraw-dev", reference:"0.9.1-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libraw-doc", reference:"0.9.1-1+deb6u1")) flag++;

# Any hit is reported once on port 0; the per-package detail from
# deb_report_get() is attached only when report_verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2015-8699.NASL description This update contains a fix for a bug which could cause dcraw write past array boundaries. Additionally, it updates ufraw to version 0.21, an upstream bugfix release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-06-09 plugin id 84032 published 2015-06-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84032 title Fedora 22 : ufraw-0.21-1.fc22 (2015-8699) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-8699.
#

# Purpose: rpm-version check for the ufraw package on Fedora 22, using
# ufraw-0.21-1.fc22 as the reference build.

include("compat.inc");

# Metadata branch: taken only when `description` is set; it registers the
# plugin's attributes and exits before any host data is examined.
if (description)
{
  script_id(84032);
  script_version("2.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2015-3885");
  script_xref(name:"FEDORA", value:"2015-8699");

  script_name(english:"Fedora 22 : ufraw-0.21-1.fc22 (2015-8699)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update contains a fix for a bug which could cause dcraw write past array boundaries. Additionally, it updates ufraw to version 0.21, an upstream bugfix release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1221249"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f90f00dd"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected ufraw package.");
  # CVSS2 base vector: network-reachable, medium complexity, no authentication,
  # partial availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  # "local" plugin type: the check reads package data collected from the host,
  # it does not probe a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ufraw");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # The three required KB keys are presumably populated by ssh_get_info.nasl
  # during a credentialed scan -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions: each failed gate ends in an audit() call with a specific
# reason. audit() lives in audit.inc (not shown); presumably it stops the run,
# so a gated-out host is "not assessed", not "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# ">!<" is NASL's "substring not found" operator: the release string must
# mention Fedora at all before the major version is parsed out of it.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only major version 22 continues; the ([^0-9]|$) tail keeps "220" from matching.
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Only x86_64 and i386-i686 hosts are evaluated; any other CPU string audits
# out as "local checks not implemented".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed ufraw rpm is older than the reference build.
# NOTE(review): ufraw is flagged because, per the advisory text, the update
# fixes a dcraw out-of-bounds write; the check itself looks only at the ufraw
# package version and says nothing about other software carrying dcraw code.
flag = 0;
if (rpm_check(release:"FC22", reference:"ufraw-0.21-1.fc22")) flag++;


# A hit is reported once on port 0; the detail from rpm_report_get() is
# attached only when report_verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No hit: distinguish "package present but not affected" from "package not
  # installed", based on whether pkg_tests_get() returns anything.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ufraw");
}
NASL family Fedora Local Security Checks NASL id FEDORA_2015-8621.NASL description This update contains a fix for a bug which could cause dcraw write past array boundaries. Additionally, it updates dcraw to version 9,25.0 which contains updated color matrices and supports the Canon EOS 5DS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-06-09 plugin id 84029 published 2015-06-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84029 title Fedora 22 : dcraw-9.25.0-2.fc22 (2015-8621) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8085.NASL description Update to version 0.16.1, see http://www.libraw.org/download#changelog for details. Security fix for CVE-2015-3885. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-27 plugin id 83826 published 2015-05-27 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83826 title Fedora 22 : mingw-LibRaw-0.16.1-1.fc22 (2015-8085) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8671.NASL description This update contains a fix for a bug which could cause dcraw write past array boundaries. Additionally, it updates dcraw to version 9,25.0 which contains updated color matrices and supports the Canon EOS 5DS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-06-09 plugin id 84031 published 2015-06-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84031 title Fedora 20 : dcraw-9.25.0-2.fc20 (2015-8671) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8482.NASL description Latest upstream bugfix. Fixed dcraw vulnerability in ljpeg_start() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-29 plugin id 83898 published 2015-05-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83898 title Fedora 21 : LibRaw-0.16.2-1.fc21 (2015-8482) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8717.NASL description This update contains a fix for a bug which could cause dcraw write past array boundaries. Additionally, it updates ufraw to version 0.21, an upstream bugfix release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-06-09 plugin id 84034 published 2015-06-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/84034 title Fedora 21 : ufraw-0.21-1.fc21 (2015-8717) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3692.NASL description Multiple vulnerabilities were discovered in the FreeImage multimedia library, which might result in denial of service or the execution of arbitrary code if a malformed XMP or RAW image is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 94056 published 2016-10-14 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94056 title Debian DSA-3692-1 : freeimage - security update NASL family Fedora Local Security Checks NASL id FEDORA_2015-8444.NASL description Update to version 0.16.2, see http://www.libraw.org/download#changelog for details. Update to version 0.16.1, see http://www.libraw.org/download#changelog for details. Security fix for CVE-2015-3885. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-27 plugin id 83838 published 2015-05-27 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/83838 title Fedora 22 : mingw-LibRaw-0.16.2-1.fc22 (2015-8444) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2489.NASL description According to the version of the dcraw package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. (CVE-2015-3885) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-04 plugin id 131642 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131642 title EulerOS 2.0 SP2 : dcraw (EulerOS-SA-2019-2489) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8706.NASL description This update contains a fix for a bug which could cause dcraw to write past array boundaries. Additionally, it updates ufraw to version 0.21, an upstream bugfix release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-06-09 plugin id 84033 published 2015-06-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/84033 title Fedora 20 : ufraw-0.21-1.fc20 (2015-8706) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2300-1.NASL description This update for libraw fixes the following issues : - CVE-2015-3885: A specially crafted raw image file could have caused a Denial of Service through an integer overflow. (bsc#930683) - CVE-2015-8367: The function phase_one_correct() did not handle memory object initialization correctly, which may have caused some other problems. (bsc#957517) - CVE-2017-6886: memory corruption in parse_tiff_ifd() func (internal/dcraw_common.cpp) could lead to Denial of service (bsc#1039380) - CVE-2017-6889: integer overflow error within the [...] (description truncated) last seen 2020-06-01 modified 2020-06-02 plugin id 102855 published 2017-08-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102855 title SUSE SLED12 Security Update : libraw (SUSE-SU-2017:2300-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8170.NASL description Rawstudio from github https://github.com/rawstudio/rawstudio/ . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-20 plugin id 84856 published 2015-07-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84856 title Fedora 21 : rawstudio-2.1-0.1.20150511git983bda1.fc21 (2015-8170) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8187.NASL description Security fix for CVE-2015-3885 (dcraw input sanitization), bz #1221257 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-29 plugin id 83892 published 2015-05-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83892 title Fedora 22 : rawtherapee-4.2-9.fc22 (2015-8187) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_57325ECFFACC11E4968FB888E347C638.NASL description ocert reports : The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which leads to a buffer overflow. The vulnerability concerns the [...] (description truncated) last seen 2020-06-01 modified 2020-06-02 plugin id 83512 published 2015-05-18 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83512 title FreeBSD : dcraw -- integer overflow condition (57325ecf-facc-11e4-968f-b888e347c638) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201706-17.NASL description The remote host is affected by the vulnerability described in GLSA-201706-17 (Kodi: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Kodi. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted image file using Kodi, possibly resulting in a Denial of Service condition. Furthermore, a remote attacker could entice a user to process a specially crafted ZIP file containing subtitles using Kodi, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 100943 published 2017-06-21 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/100943 title GLSA-201706-17 : Kodi: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3492-1.NASL description It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 104785 published 2017-11-27 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104785 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : libraw vulnerabilities (USN-3492-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2567.NASL description According to the version of the dcraw package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. (CVE-2015-3885) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-19 plugin id 132284 published 2019-12-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/132284 title EulerOS 2.0 SP3 : dcraw (EulerOS-SA-2019-2567) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8432.NASL description Latest upstream bugfix. Fixed dcraw vulnerability in ljpeg_start() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-27 plugin id 83837 published 2015-05-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83837 title Fedora 22 : LibRaw-0.16.2-1.fc22 (2015-8432) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8196.NASL description Rawstudio from github https://github.com/rawstudio/rawstudio/ . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-20 plugin id 84857 published 2015-07-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84857 title Fedora 22 : rawstudio-2.1-0.1.20150511git983bda1.fc22 (2015-8196) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-54.NASL description The remote host is affected by the vulnerability described in GLSA-201701-54 (DCRaw: Buffer overflow) An integer overflow was discovered in the ljpeg_start function in DCRaw. Impact : Remote attackers, by enticing a user to open a specially crafted image, could cause a Denial of Service condition. Workaround : There is no known workaround at this time. 
last seen 2020-06-01 modified 2020-06-02 plugin id 96689 published 2017-01-23 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96689 title GLSA-201701-54 : DCRaw: Buffer overflow NASL family Fedora Local Security Checks NASL id FEDORA_2015-8266.NASL description Security fix for CVE-2015-3885 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-27 plugin id 83833 published 2015-05-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83833 title Fedora 20 : mingw-LibRaw-0.15.4-5.fc20 (2015-8266) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8498.NASL description Update to version 0.16.2, see http://www.libraw.org/download#changelog for details. Update to version 0.16.1, see http://www.libraw.org/download#changelog for details. Security fix for CVE-2015-3885. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-29 plugin id 83899 published 2015-05-29 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83899 title Fedora 21 : mingw-LibRaw-0.16.2-1.fc21 (2015-8498) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-378.NASL description The libraw library was updated to fix one security issue. 
The following vulnerability was fixed : - boo#930683: CVE-2015-3885: dcraw/libraw: input sanitization errors last seen 2020-06-05 modified 2015-05-26 plugin id 83804 published 2015-05-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83804 title openSUSE Security Update : libraw (openSUSE-2015-378)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html
- http://www.ocert.org/advisories/ocert-2015-006.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/archive/1/535513/100/0/threaded
- http://www.securityfocus.com/bid/74590
- https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
- https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
- https://security.gentoo.org/glsa/201701-54
- https://security.gentoo.org/glsa/201706-17