CVE-2013-2126
EPSS 2.4%
Description
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
How to fix CVE-2013-2126
To remediate CVE-2013-2126, upgrade the affected package to a fixed version below.
- Debian/darktable—upgrade to 1.2.1-2 or later
- Debian/libkdcraw—upgrade to 24.12.0-1 or later
- Debian/libraw—upgrade to 0.15.3-1 or later
Is CVE-2013-2126 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/darktable: from 0, < 1.2.1-2
- Debian/libkdcraw: from 0, < 24.12.0-1
- Debian/libraw: from 0, < 0.15.3-1