First published: Mon Mar 08 2021
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dcraw Project Dcraw | =9.28-2 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
CVE-2021-3624 is an integer overflow vulnerability in dcraw that allows arbitrary code execution when a maliciously crafted X3F input image is processed.
CVE-2021-3624 has a severity rating of 7.8 (critical).
Version 9.28-2 of dcraw and versions 9.0, 10.0, and 11.0 of Debian Linux are affected by CVE-2021-3624.
There is no available fix for CVE-2021-3624 at the moment. It is recommended to apply any official patches or updates provided by the software vendor or maintainers.
You can find more information about CVE-2021-3624 at the following link: [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761]