CVE-2013-2126

Name: CVE-2013-2126
Creator: NVD / NIST
Published: 2013-08-14T15:55:06.92+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.41%

Last modified Jun 16, 2026

CVE-2013-2126 is a vulnerability of currently unknown severity. Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.. EPSS estimates a 4.41% chance of exploitation in the next 30 days.

Description

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.

Metrics

EPSS Probability

4.41%

90.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Libraw	Libraw	<= 0.15.1
Libraw	Libraw	0.15.0
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	12.10
Canonical	Ubuntu Linux	13.04
Opensuse	Opensuse	12.2
Opensuse	Opensuse	12.3

References

Timeline

Published: Aug 14, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-2126?

How severe is CVE-2013-2126?

Severity scoring for CVE-2013-2126 is pending analysis. The EPSS model estimates a 4.41% probability of exploitation in the next 30 days.

How do I fix CVE-2013-2126?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2126?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST