Memory Handling Vulnerability in LibRaw Affecting Multiple Platforms
CVE-2020-15503

7.5HIGH

Key Information:

Vendor: Libraw
Status: Libraw
Vendor: CVE Published:; 2 July 2020

What is CVE-2020-15503?

LibRaw prior to version 0.20-RC1 is susceptible to a vulnerability arising from a lack of validation for thumbnail size during memory allocation. Specifically, when processing images, the library fails to restrict the size of the thumbnail data, leading to potential memory corruption issues. This flaw surfaces in the decoding components, particularly in unpack_thumb.cpp, mem_image.cpp, and thumb_utils.cpp, where inappropriate sizes may be utilized for memory allocations, resulting in unpredictable behavior and increased risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.libraw.org/news/libraw-0-20-rc1

https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.2...

https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca8021...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Jul 2, 2020

JSON

Libraw

What is CVE-2020-15503?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.