{"id":"UBUNTU-CVE-2015-3885","details":"Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.","modified":"2026-05-20T16:05:37.634718587Z","published":"2015-05-19T00:00:00Z","related":["USN-3492-1"],"upstream":["CVE-2015-3885"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3885"},{"type":"REPORT","url":"http://www.ocert.org/advisories/ocert-2015-006.html"},{"type":"REPORT","url":"https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3492-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-3885"}],"affected":[{"package":{"name":"libraw","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libraw?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.4-1ubuntu0.1"}]}],"versions":["0.15.3-1ubuntu1","0.15.4-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.15.4-1ubuntu0.1","binary_name":"libraw-bin"},{"binary_version":"0.15.4-1ubuntu0.1","binary_name":"libraw9"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3885.json"}},{"package":{"name":"freeimage","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/freeimage?arch=source&distro=trusty%2Fesm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.15.4-3ubuntu0.1+esm2"}]}],"versions":["3.15.1-2build1","3.15.1-2build2","3.15.4-2","3.15.4-3","3.15.4-3ubuntu0.1","3.15.4-3ubuntu0.1+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.15.4-3ubuntu0.1+esm2","binary_name":"libfreeimage3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3885.json"}},{"package":{"name":"dcraw","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/dcraw?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["9.21-0.2"],"ecosystem_specific":{"binaries":[{"binary_version":"9.21-0.2","binary_name":"dcraw"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3885.json"}},{"package":{"name":"kodi","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/kodi?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["15.1+dfsg1-3","15.2+dfsg1-1build1","15.2+dfsg1-3","15.2+dfsg1-3ubuntu1","15.2+dfsg1-3ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"15.2+dfsg1-3ubuntu1.1","binary_name":"kodi"},{"binary_version":"15.2+dfsg1-3ubuntu1.1","binary_name":"kodi-bin"},{"binary_version":"15.2+dfsg1-3ubuntu1.1","binary_name":"kodi-data"},{"binary_version":"15.2+dfsg1-3ubuntu1.1","binary_name":"kodi-eventclients-common"},{"binary_version":"15.2+dfsg1-3ubuntu1.1","binary_name":"kodi-eventclients-j2me"},{"binary_version":"15.2+dfsg1-3ubuntu1.1","binary_name":"kodi-eventclients-kodi-send"},{"binary_version":"15.2+dfsg1-3ubuntu1.1","binary_name":"kodi-eventclients-ps3"},{"binary_version":"15.2+dfsg1-3ubuntu1.1","binary_name":"kodi-eventclients-wiiremote"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3885.json"}},{"package":{"name":"kodi","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/kodi?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:20.2+dfsg-4","2:20.2+dfsg-4build1","2:20.2+dfsg-4build2","2:20.2+dfsg-4ubuntu1","2:20.3+dfsg-1","2:20.4+dfsg-1","2:20.5+dfsg-1build2","2:20.5+dfsg-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-addons-dev-common"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-bin"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-data"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-eventclients-common"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-eventclients-dev-common"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-eventclients-kodi-send"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-eventclients-ps3"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-eventclients-python"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-eventclients-wiiremote"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-eventclients-zeroconf"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-repository-kodi"},{"binary_version":"2:20.5+dfsg-1ubuntu1","binary_name":"kodi-tools-texturepacker"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3885.json"}},{"package":{"name":"kodi","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/kodi?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:21.2+dfsg-4build2","2:21.2+dfsg-4build3","2:21.2+dfsg-5","2:21.3+dfsg-1","2:21.3+dfsg-1build1","2:21.3+dfsg-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-addons-dev-common"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-bin"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-data"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-eventclients-common"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-eventclients-dev-common"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-eventclients-kodi-send"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-eventclients-ps3"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-eventclients-python"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-eventclients-wiiremote"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-eventclients-zeroconf"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-repository-kodi"},{"binary_version":"2:21.3+dfsg-1ubuntu1","binary_name":"kodi-tools-texturepacker"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3885.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"negligible"}]}