CVE-2015-3885 : Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of serv

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

Published 2015-05-19 18:59:07

Updated 2018-10-09 19:56:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-3885

Probability of exploitation activity in the next 30 days: 4.80%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-3885

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2015-3885

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3885

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html

[SECURITY] Fedora 22 Update: ufraw-0.21-1.fc22
https://security.gentoo.org/glsa/201701-54

DCRaw: Buffer overflow (GLSA 201701-54) — Gentoo security
https://security.gentoo.org/glsa/201706-17

Kodi: Multiple vulnerabilities (GLSA 201706-17) — Gentoo security

CVEs referencing this url
https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e

Avoid overflow in ljpeg_start(). · rawstudio/rawstudio@983bda1 · GitHub
http://www.ocert.org/advisories/ocert-2015-006.html

oCERT archive
US Government Resource
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Oracle Solaris Bulletin - April 2016

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html

[SECURITY] Fedora 21 Update: rawstudio-2.1-0.1.20150511git983bda1.fc21
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html

[SECURITY] Fedora 21 Update: dcraw-9.25.0-2.fc21
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html

[SECURITY] Fedora 21 Update: mingw-LibRaw-0.16.2-1.fc21
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html

[SECURITY] Fedora 20 Update: ufraw-0.21-1.fc20
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html

[SECURITY] Fedora 22 Update: dcraw-9.25.0-2.fc22
http://www.securityfocus.com/bid/74590

dcraw 'dcraw.cc' Integer Overflow Vulnerability
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html

[SECURITY] Fedora 21 Update: ufraw-0.21-1.fc21
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html

[SECURITY] Fedora 21 Update: LibRaw-0.16.2-1.fc21
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html

[SECURITY] Fedora 20 Update: dcraw-9.25.0-2.fc20
http://www.securityfocus.com/archive/1/535513/100/0/threaded

SecurityFocus
https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5

0.16.1: fix for dcraw ljpeg_start() vulnerability · LibRaw/LibRaw@4606c28 · GitHub

Products affected by CVE-2015-3885

Fedoraproject » Fedora » Version: 21
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Matching versions
Dcraw Project » Dcraw
Versions up to, including, (<=) 7.00
cpe:2.3:a:dcraw_project:dcraw:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-3885

Exploit prediction scoring system (EPSS) score for CVE-2015-3885

CVSS scores for CVE-2015-3885

CWE ids for CVE-2015-3885

References for CVE-2015-3885

Products affected by CVE-2015-3885