Summary
It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialized variable being passed to longjmp.
This is a different issue than CVE-2013-1438/DSA-2748-1.
Solution
For the oldstable distribution (squeeze), this problem has been fixed in version 0.8.1-3+deb6u3.
For the stable distribution (wheezy), this problem has been fixed in version 0.8.5-5+deb7u3.
For the testing distribution (jessie) and the unstable distribution (sid), this problem has been fixed in version 0.8.9-2.
We recommend that you upgrade your exactimage packages.
Insight
ExactImage is a fast C++ image processing library. Unlike many other library frameworks it allows operation in several color spaces and bit depths natively, resulting in low memory and computational requirements.
Affected
exactimage on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-1438, CVE-2013-1441
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P