{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-29T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "DSA-2748", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2748"}, {"name": "62060", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62060"}, {"name": "[oss-security] 20130829 [notification] libraw: multiple denial of service vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2013-1438", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-2748", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2748"}, {"name": "62060", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62060"}, {"name": "[oss-security] 20130829 [notification] libraw: multiple denial of service vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:04:48.383Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-2748", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2748"}, {"name": "62060", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/62060"}, {"name": "[oss-security] 20130829 [notification] libraw: multiple denial of service vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2013-1438", "datePublished": "2014-01-19T16:00:00", "dateReserved": "2013-01-26T00:00:00", "dateUpdated": "2024-08-06T15:04:48.383Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F5B8F8B-571F-4E99-8796-C1FB51F17B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2E58321-D1BB-4F79-AAB2-9A6AF74DC7DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "9126BA52-8261-4AF6-B086-EDD1FEF76781", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "935C59A2-3BF9-4BF9-914F-313944C29419", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E6B6F87-582A-4CA7-8FB6-1046FF5A7EF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "98DD84BC-C49B-4591-848F-EE1331889A6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "849AB4DD-7512-4513-BAFD-06A42900B4CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "93AC4C73-3EE0-439E-821F-3FEA44189AC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "A921C503-7B44-421F-9AF0-0BD2BE05BA34", "vulnerable": true}, {"criteria": "cpe:2.3:a:dave_coffin:dcraw:0.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "ACDC079C-306F-4A91-A892-9DD23CA03C5F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference."}, {"lang": "es", "value": "Vulnerabilidad no especificada en dcraw 0.8.x hasta 0.8.9, utilizado en libraw, ufraw, shotwell y otros productos, permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio a trav\u00e9s de un archivo fotogr\u00e1fico manipulado que desencadena un (1) divide-by-zero, (2) bucle infinito, o (3) referencia a puntero nulo."}], "id": "CVE-2013-1438", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-01-19T18:02:56.600", "references": [{"source": "security@debian.org", "url": "http://www.debian.org/security/2013/dsa-2748"}, {"source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}, {"source": "security@debian.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/62060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2748"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/08/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62060"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "LibRaw: multiple denial of service flaws", "id": "1002714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002714"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference."], "name": "CVE-2013-1438", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "dcraw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2013-08-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1438\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1438"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}