CVE-2020-35532

Name
CVE-2020-35532
Description
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e
MISC https://github.com/LibRaw/LibRaw/issues/271

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libraw:libraw:0.20.1:*:*:*:*:*:*:* libraw == None == 0.20.1
cpe:2.3:a:libraw:libraw:0.21.0:beta1:*:*:*:*:*:* libraw == None == 0.21.0
cpe:2.3:a:libraw:libraw:0.20.2:*:*:*:*:*:*:* libraw == None == 0.20.2
cpe:2.3:a:libraw:libraw:0.20.0:rc2:*:*:*:*:*:* libraw == None == 0.20.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libraw edge-community 0.20.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libraw 3.16-community 0.20.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable