CVE-2020-35530

Name
CVE-2020-35530
Description
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb
MISC https://github.com/LibRaw/LibRaw/issues/272

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libraw:libraw:0.20.1:*:*:*:*:*:*:* libraw == None == 0.20.1
cpe:2.3:a:libraw:libraw:0.21.0:beta1:*:*:*:*:*:* libraw == None == 0.21.0
cpe:2.3:a:libraw:libraw:0.20.2:*:*:*:*:*:*:* libraw == None == 0.20.2
cpe:2.3:a:libraw:libraw:0.20.0:rc2:*:*:*:*:*:* libraw == None == 0.20.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libraw 3.16-community 0.20.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libraw 3.17-community 0.20.2-r2 Natanael Copa <ncopa@alpinelinux.org> fixed