Unrated severityNVD Advisory· Published Aug 14, 2013· Updated Apr 29, 2026

CVE-2013-2126

Description

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.

Affected products

Libraw/Libraw2 versions
cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*range: <=0.15.1
- cpe:2.3:a:libraw:libraw:0.15.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

Patches

19ffddb0fe1a

https://github.com/LibRaw/LibRawvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6nvdExploitPatch
secunia.com/advisories/53547nvdVendor Advisory
secunia.com/advisories/53883nvdVendor Advisory
secunia.com/advisories/53888nvdVendor Advisory
lists.opensuse.org/opensuse-updates/2013-06/msg00193.htmlnvd
lists.opensuse.org/opensuse-updates/2013-06/msg00195.htmlnvd
secunia.com/advisories/53938nvd
www.libraw.org/news/libraw-0-15-2nvd
www.openwall.com/lists/oss-security/2013/05/29/7nvd
www.openwall.com/lists/oss-security/2013/06/10/1nvd
www.ubuntu.com/usn/USN-1884-1nvd
www.ubuntu.com/usn/USN-1885-1nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000