Main Vulnerability Database Vulnerabilities #VU42565

NULL pointer dereference in LibRaw - CVE-2013-1439

Published: September 16, 2013 / Updated: January 5, 2023

Vulnerability identifier: #VU42565

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-1439

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: LibRaw LLC

Affected software:
LibRaw

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted photo file.

How to mitigate CVE-2013-1439

Install update from vendor's website.

Sources

http://www.debian.org/security/2013/dsa-2748
http://www.openwall.com/lists/oss-security/2013/08/29/3
https://github.com/LibRaw/LibRaw/commit/11909cc59e712e09b508dda729b99aeaac2b29ad

NULL pointer dereference in LibRaw - CVE-2013-1439

Detailed vulnerability description

How to mitigate CVE-2013-1439

Sources

Please verify you're human