VDB

CVE-2013-1438

CVE-2013-1438 PUBLISHED

Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.

EPSS 0.51% · 66.9th percentile

Risk Scores

EPSS Score
0.51%
66.9th percentile

Affected Products

VendorProductVersions
Ubuntu:14.04:LTSlibraw0
Ubuntu:18.04:LTSdcraw0, 9.27-1ubuntu1
Ubuntu:16.04:LTSrawtherapee0, 4.2-2build1, 4.2-4
Ubuntu:16.04:LTSdcraw0, 9.21-0.2
Ubuntu:14.04:LTSufraw0
Ubuntu:25.10rawtherapee0, 5.11-2build2
Ubuntu:20.04:LTSrawtherapee0, 5.6-1, 5.7-1
Ubuntu:18.04:LTSrawtherapee5.2-1, 5.3-1, 0
Ubuntu:24.04:LTSrawtherapee0, 5.9-2, 5.9-1build1
Ubuntu:22.04:LTSrawtherapee0, 5.8-3

Timeline

  • Aug 30, 2013 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 16, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›