CVE-2013-1438
exactimage - denial of service
EPSS 0.48%
Description
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.
How to fix CVE-2013-1438
To remediate CVE-2013-1438, upgrade each affected package to the fixed version listed below.
- Debian/darktable—upgrade to 1.2.2-2 or later
- Debian/dcraw—upgrade to 9.28-1 or later
- —upgrade to 0.8.9-1 or later
- —upgrade to 0.8.1-3+deb6u2 or later
- —upgrade to 24.12.0-1 or later
- —upgrade to 0.15.4-1 or later
Is CVE-2013-1438 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (6)
- from 0, < 1.2.2-2
- from 0, < 9.28-1
- from 0, < 0.8.9-1
- from 0, < 0.8.1-3+deb6u2
- from 0, < 24.12.0-1
- from 0, < 0.15.4-1