VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 19, 2014· Updated Apr 29, 2026

CVE-2013-1438

CVE-2013-1438

Description

Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.

Affected products

10
  • Dcraw Project/Dcraw10 versions
    cpe:2.3:a:dave_coffin:dcraw:0.8.0:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:dave_coffin:dcraw:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:dave_coffin:dcraw:0.8.9:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.