Out-of-Bounds Read Vulnerability in LibRaw Affects Image Processing
CVE-2020-35532

5.5MEDIUM

Key Information:

Vendor

Libraw

Status
Libraw
Vendor
CVE Published:
1 September 2022

What is CVE-2020-35532?

An out-of-bounds read vulnerability exists in the LibRaw image processing library within the 'simple_decode_row()' function. This vulnerability can be triggered by providing an image with a manipulated row_stride field, potentially leading to unintended data exposure or software instability. Users of LibRaw should ensure their versions are updated to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LibRaw LibRaw 0.21-Beta1, LibRaw 0.20.2, LibRaw 0.20.1, LibRaw 0.20.0, LibRaw 0.20-RC2

References

https://github.com/LibRaw/LibRaw/issues/271
x_refsource_MISC
https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379f...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022/09/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.