Launchpad.net

CVE 2015-3885

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

See the CVE page on Mitre.org for more details.