Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dave_coffin | dcraw | 0.8.7 |
| dave_coffin | dcraw | 0.8.1 |
| dave_coffin | dcraw | 0.8.6 |
| dave_coffin | dcraw | 0.8.4 |
| dave_coffin | dcraw | 0.8.3 |
| dave_coffin | dcraw | 0.8.8 |
| dave_coffin | dcraw | 0.8.2 |
| dave_coffin | dcraw | 0.8.9 |
| dave_coffin | dcraw | 0.8.5 |
| dave_coffin | dcraw | 0.8.0 |