Advisories ยป MGASA-2015-0222

Updated darktable packages fix CVE-2015-3885

Publication date: 13 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3885


Updated darktable package fixes security vulnerability

The dcraw tool bundled in darktable's libraw copy suffers from an integer
overflow condition which leads to a buffer overflow. A maliciously crafted
raw image file can be used to trigger the vulnerability, causing a Denial
of Service condition.

The bundled dcraw code has been patched to fix this vulnerability.