Advisories » MGASA-2015-0222

Updated darktable packages fix CVE-2015-3885

Publication date: 13 May 2015
Modification date: 13 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3885

Description

Updated darktable package fixes security vulnerability

The dcraw tool bundled in darktable's libraw copy suffers from an integer
overflow condition which leads to a buffer overflow. A maliciously crafted
raw image file can be used to trigger the vulnerability, causing a Denial
of Service condition.

The bundled dcraw code has been patched to fix this vulnerability.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15915
• https://bugs.mageia.org/show_bug.cgi?id=15910
• http://www.ocert.org/advisories/ocert-2015-006.html
• http://openwall.com/lists/oss-security/2015/05/12/8
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885

SRPMS

4/core

• darktable-1.2.3-4.3.mga4