Main Vulnerability Database SB2014011904

SB2014011904 - NULL pointer dereference in dcraw

Published: January 19, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014011904

CSH Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2013-1438)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://www.debian.org/security/2013/dsa-2748
http://www.openwall.com/lists/oss-security/2013/08/29/3
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/62060