Debian 10260 Published by

An exactimage update has been released for Debian 6 LTS



Package : exactimage
Version : 0.8.1-3+deb6u4
CVE ID : CVE-2015-3885
Debian Bug : 786785

A vulnerability has been discovered in the ExactImage image manipulation
programs.

CVE-2015-3885

Eduardo Castellanos discovered an Integer overflow in the dcraw version
included in ExactImage. This vulnerability allows remote attackers to
cause a denial of service (crash) via a crafted image.

For the oldoldstable distribution (squeeze), these problems have been fixed in
version 0.8.1-3+deb6u4.

For the oldstable, stable, and testing distributions, these problems will be
fixed soon.