Description
The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.
References (3)
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2748
Exploit, Patch x_refsource_confirm
https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad
Exploit, Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/08/29/3
Scores
EPSS
0.0048
EPSS Percentile
65.0%
Details
Status
published
Products (21)
libraw/libraw 0.13.0
libraw/libraw 0.13.1
libraw/libraw 0.13.2
libraw/libraw 0.13.3
libraw/libraw 0.13.4
libraw/libraw 0.13.5
libraw/libraw 0.13.6
libraw/libraw 0.13.7
libraw/libraw 0.13.8
libraw/libraw 0.14.0
... and 11 more
Published
Sep 16, 2013
Tracked Since
Feb 18, 2026