CVE-2013-2126 - OpenCVE

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Libraw	Libraw
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:a:libraw:libraw::::::::
	cpe:2.3:a:libraw:libraw:0.15.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00195.html
http://secunia.com/advisories/53547	Vendor Advisory
http://secunia.com/advisories/53883	Vendor Advisory
http://secunia.com/advisories/53888	Vendor Advisory
http://secunia.com/advisories/53938
http://www.libraw.org/news/libraw-0-15-2
http://www.openwall.com/lists/oss-security/2013/05/29/7
http://www.openwall.com/lists/oss-security/2013/06/10/1
http://www.ubuntu.com/usn/USN-1884-1
http://www.ubuntu.com/usn/USN-1885-1
https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6	Exploit Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:15:02

Updated: 2022-10-03T16:15:02

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-2126

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-08-14T15:55:06.920

Modified: 2018-10-30T16:27:34.373

Link: CVE-2013-2126

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "53883", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53883"}, {"name": "53547", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53547"}, {"name": "USN-1884-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1884-1"}, {"name": "USN-1885-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1885-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.libraw.org/news/libraw-0-15-2"}, {"name": "openSUSE-SU-2013:1085", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00195.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6"}, {"name": "[oss-security] 20130529 Re: CVE request: libraw: multiple issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/29/7"}, {"name": "openSUSE-SU-2013:1083", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html"}, {"name": "53938", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53938"}, {"name": "[oss-security] 20130610 Re: CVE request: libraw: multiple issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/06/10/1"}, {"name": "53888", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53888"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2126", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "53883", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53883"}, {"name": "53547", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53547"}, {"name": "USN-1884-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1884-1"}, {"name": "USN-1885-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1885-1"}, {"name": "http://www.libraw.org/news/libraw-0-15-2", "refsource": "CONFIRM", "url": "http://www.libraw.org/news/libraw-0-15-2"}, {"name": "openSUSE-SU-2013:1085", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00195.html"}, {"name": "https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6", "refsource": "CONFIRM", "url": "https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6"}, {"name": "[oss-security] 20130529 Re: CVE request: libraw: multiple issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/05/29/7"}, {"name": "openSUSE-SU-2013:1083", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html"}, {"name": "53938", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53938"}, {"name": "[oss-security] 20130610 Re: CVE request: libraw: multiple issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/06/10/1"}, {"name": "53888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53888"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2126", "datePublished": "2022-10-03T16:15:02", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*", "matchCriteriaId": "9703F8F1-AE57-4D92-A896-8815B4CAD30B", "versionEndIncluding": "0.15.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "25844B56-0F72-4FAA-9179-19659142A8C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de doble liberaci\u00f3n en la funci\u00f3n LibRaw::unpack en libraw_cxx.cpp en LibRaw anterior a v0.15.2, permite a atacantes, dependiendo del contexto, provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero malformado a todo color (1) Foveon o (2) imagen sRAW."}], "id": "CVE-2013-2126", "lastModified": "2018-10-30T16:27:34.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-14T15:55:06.920", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00195.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/53547"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/53883"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/53888"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/53938"}, {"source": "secalert@redhat.com", "url": "http://www.libraw.org/news/libraw-0-15-2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/29/7"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/06/10/1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1884-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1885-1"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}