CVE-2015-3885
freeimage - security update
EPSS 4.7%
Description
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
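The bug class described above, as an added illustration that is not dcraw's or FreeImage's own code: a JPEG marker-segment length is read as a 16-bit big-endian value, 2 is subtracted for the length field itself using signed int arithmetic, and the result is used as the count for a read into a fixed-size buffer. A crafted length of 0 or 1 makes the subtraction go negative, which becomes a value near SIZE_MAX once it is passed to fread() or memcpy(). The buffer size, function names and sample segments below are assumptions chosen for the example.

```c
/* Constructed example of the length-underflow pattern behind CVE-2015-3885.
 * Not dcraw's or FreeImage's source; names and sizes are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SEG_BUF 0x10000   /* fixed 64 KiB scratch buffer (assumed size) */

/* Vulnerable arithmetic: a signed int minus 2, later converted to size_t
 * at the call site. A declared length of 0 or 1 yields -2 or -1, which
 * becomes a huge count once it is used as the size of a read. */
size_t vuln_segment_len(const uint8_t hdr[2])
{
    int len = ((hdr[0] << 8) | hdr[1]) - 2;
    return (size_t)len;   /* what fread()/memcpy() would receive */
}

/* Hardened parser over an in-memory stream. Copies one segment payload
 * starting at pos into out (capacity out_cap) and returns the payload
 * length, or -1 for any malformed input: truncated stream, bad marker,
 * declared length < 2, or payload larger than the destination buffer. */
int checked_read_segment(const uint8_t *stream, size_t stream_len,
                         size_t pos, uint8_t *out, size_t out_cap)
{
    if (stream_len < pos || stream_len - pos < 4) return -1;   /* marker + length */
    unsigned tag      = (unsigned)stream[pos] << 8 | stream[pos + 1];
    unsigned declared = (unsigned)stream[pos + 2] << 8 | stream[pos + 3];
    if (tag <= 0xff00) return -1;        /* not a JPEG marker */
    if (declared < 2) return -1;         /* would underflow in the naive version */
    size_t payload = declared - 2;
    if (payload > out_cap) return -1;    /* would overflow the fixed buffer */
    if (stream_len - (pos + 4) < payload) return -1;   /* truncated file */
    memcpy(out, stream + pos + 4, payload);
    return (int)payload;                 /* <= out_cap <= 0x10000, fits an int */
}

/* Constructed inputs: a well-formed segment (marker 0xffc3, declared length 6,
 * four payload bytes) and a crafted one whose length field is 0x0000. */
static const uint8_t good_seg[] = {0xff, 0xc3, 0x00, 0x06, 0x08, 0x00, 0x10, 0x00};
static const uint8_t bad_seg[]  = {0xff, 0xc3, 0x00, 0x00};
static const uint8_t zero_hdr[] = {0x00, 0x00};
static const uint8_t six_hdr[]  = {0x00, 0x06};

int main(void)
{
    uint8_t buf[SEG_BUF];
    printf("naive len for declared 6:  %zu\n", vuln_segment_len(six_hdr));
    printf("naive len for declared 0:  %zu (would be passed to fread)\n",
           vuln_segment_len(zero_hdr));
    printf("checked good segment:      %d\n",
           checked_read_segment(good_seg, sizeof good_seg, 0, buf, sizeof buf));
    printf("checked crafted segment:   %d\n",
           checked_read_segment(bad_seg, sizeof bad_seg, 0, buf, sizeof buf));
    return 0;
}
```

The fix pattern is the one any marker parser needs: do the length arithmetic in an unsigned type after rejecting values below 2, and compare the payload size against both the destination buffer and the bytes remaining in the input before copying anything.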
How to fix CVE-2015-3885
To remediate CVE-2015-3885, upgrade each affected package to its fixed version listed below, or any later version.
- Debian/darktable—upgrade to 1.6.7-1 or later
- Debian/dcraw—upgrade to 9.26-1 or later
- Debian/exactimage—upgrade to 0.8.1-3+deb6u4 or later
- —upgrade to 0.9.1-5 or later
- —upgrade to 3.15.4-4.2+deb8u1 or later
- —upgrade to 3.15.4-6 or later
- —upgrade to 16.0+dfsg1-1 or later
- —upgrade to 0.9.1-1+deb6u1 or later
- —upgrade to 0.16.2-1 or later
- —upgrade to 4.2-2 or later
Is CVE-2015-3885 being exploited?
Low. EPSS is 4.7%, i.e. the model estimates a low probability that this CVE is exploited in the wild within the next 30 days. That figure is a prediction, not evidence that exploitation has been observed; the described impact is a crash (denial of service) triggered by a crafted image.
Affected packages (10)
- from 0, < 1.6.7-1
- from 0, < 9.26-1
- from 0, < 0.8.1-3+deb6u4
- from 0, < 0.9.1-5
- from 0, < 3.15.4-4.2+deb8u1
- from 0, < 3.15.4-6
- from 0, < 16.0+dfsg1-1
- from 0, < 0.9.1-1+deb6u1
- from 0, < 0.16.2-1
- from 0, < 4.2-2