[cximage] Fix denial of service via a crafted photo file (CVE-2013-1438) #4179
Commits on Feb 9, 2014
-
[cximage] Fix denial of service via a crafted photo file (CVE-2013-1438)
Embedded CxImage embeds a copy of libDCR, a fork of dcraw.c, which contains several denial of service vulnerabilities as discovered by Raphael Geissert. These seem to affect the CxImage-embedded libDCR as well. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438 ---- Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference. ---- Port the fix from libRaw [1] to CxImage copy of libDCR. The patch has been submitted upstream. [1] LibRaw/LibRaw@9ae25d8
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.