Vulnerability Details : CVE-2013-2126
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2013-2126
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*
- cpe:2.3:a:libraw:libraw:0.15.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2126
- 1.93%: Probability of exploitation activity in the next 30 days
- ~ 89 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2126
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2013-2126
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2126
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00195.html
  openSUSE-SU-2013:1085-1: moderate: update for libraw
- http://www.ubuntu.com/usn/USN-1884-1
  USN-1884-1: LibRaw vulnerability | Ubuntu security notices
- http://www.libraw.org/news/libraw-0-15-2
  LibRaw 0.15.2 | LibRaw
- http://www.openwall.com/lists/oss-security/2013/05/29/7
  oss-security - Re: CVE request: libraw: multiple issues
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html
  openSUSE-SU-2013:1083-1: moderate: update for darktable
- http://www.ubuntu.com/usn/USN-1885-1
  USN-1885-1: libKDcraw vulnerability | Ubuntu security notices
- https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
  prevent double-free() on broken full-color images error handling · LibRaw/LibRaw@19ffddb · GitHub (Exploit; Patch)
- http://www.openwall.com/lists/oss-security/2013/06/10/1
  oss-security - Re: CVE request: libraw: multiple issues