CVE-2015-3885

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

Desbordamiento de enteros en la función ljpeg_start en dcraw 7.00 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) a través de una imagen manipulada, lo que provoca un desbordamiento de buffer, relacionado con la variable len.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-05-12 CVE Reserved
2015-05-19 CVE Published
2023-09-22 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors

CAPEC

References (17)

URL	Tag	Source
http://www.ocert.org/advisories/ocert-2015-006.html	Us Government Resource
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	X_refsource_confirm
http://www.securityfocus.com/archive/1/535513/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/74590	Vdb Entry
https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5	X_refsource_confirm
https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162084.html	2018-10-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159469.html	2018-10-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159479.html	2018-10-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159518.html	2018-10-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159579.html	2018-10-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159625.html	2018-10-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159665.html	2018-10-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159083.html	2018-10-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159123.html	2018-10-09
https://security.gentoo.org/glsa/201701-54	2018-10-09
https://security.gentoo.org/glsa/201706-17	2018-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dcraw Project Search vendor "Dcraw Project"		Dcraw Search vendor "Dcraw Project" for product "Dcraw"				<= 7.00 Search vendor "Dcraw Project" for product "Dcraw" and version " <= 7.00"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				21 Search vendor "Fedoraproject" for product "Fedora" and version "21"		-		Affected