Bug 930683 (CVE-2015-3885) - VUL-1: CVE-2015-3885: dcraw,libraw,ufraw,netpbm: input sanitization errors
Summary: VUL-1: CVE-2015-3885: dcraw,libraw,ufraw,netpbm: input sanitization errors
Status: RESOLVED FIXED
Alias: CVE-2015-3885
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Fridrich Strba
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/116620/
Whiteboard: CVSSv2:SUSE:CVE-2015-3885:3.3:(AV:L/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-13 07:37 UTC by Sebastian Krahmer
Modified: 2022-04-07 08:35 UTC (History)
9 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2015-05-13 07:37:23 UTC 
From the oCERT advisory:

The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function.

A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition.

CVE-2015-3885



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3885
http://seclists.org/oss-sec/2015/q2/417
http://www.ocert.org/advisories/ocert-2015-006.html
Comment 2 Petr Gajdos 2015-05-13 11:30:16 UTC 
For libraw, see
openSUSE: mr#306742
12:       mr#57566
Comment 3 Petr Gajdos 2015-05-13 11:30:51 UTC 
QA: no testcase found
Comment 5 Swamp Workflow Management 2015-05-13 22:00:14 UTC 
bugbot adjusting priority
Comment 6 Swamp Workflow Management 2015-05-24 15:05:23 UTC 
openSUSE-SU-2015:0931-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 930683
CVE References: CVE-2015-3885
Sources used:
openSUSE 13.2 (src):    libraw-0.16.0-2.3.1
openSUSE 13.1 (src):    libraw-0.15.4-2.3.1
Comment 7 Marcus Rückert 2015-06-30 00:29:12 UTC 
JFYI: http://www.darktable.org/2015/06/released-darktable-1-6-7/
Comment 8 Andreas Stieger 2015-07-02 14:19:41 UTC 
Confirmed vulnerable code is in dcraw from SLE 10 on. -> Fridrich
Confirmed vulnerable code is in ufraw on SLE 10 only, ignoring.
Confirmed vulnerable code is in netpbm on SLE 12 only -> Petr
( netpbm-10.66.3/converter/other/cameratopam/ljpeg.h )
Comment 9 Andreas Stieger 2015-07-02 14:21:41 UTC 
DoS requiring user interaction -> VUL-1
Comment 15 Swamp Workflow Management 2017-08-30 17:28:52 UTC 
SUSE-SU-2017:2300-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1039209,1039210,1039379,1039380,930683,957517
CVE References: CVE-2015-3885,CVE-2015-8367,CVE-2017-6886,CVE-2017-6887,CVE-2017-6889,CVE-2017-6890,CVE-2017-6899
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    libraw-0.15.4-9.2
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    libraw-0.15.4-9.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libraw-0.15.4-9.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libraw-0.15.4-9.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    libraw-0.15.4-9.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    libraw-0.15.4-9.2
Comment 16 Petr Ostadal 2022-04-07 08:34:35 UTC 
close
Comment 17 Petr Ostadal 2022-04-07 08:35:09 UTC 
.
Comment 18 Petr Ostadal 2022-04-07 08:35:20 UTC 
.