CVE-2020-35535

Name
CVE-2020-35535
Description
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/LibRaw/LibRaw/issues/283
MISC https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libraw:libraw:0.20.1:*:*:*:*:*:*:* libraw == None == 0.20.1
cpe:2.3:a:libraw:libraw:0.21.0:beta1:*:*:*:*:*:* libraw == None == 0.21.0
cpe:2.3:a:libraw:libraw:0.20.2:*:*:*:*:*:*:* libraw == None == 0.20.2
cpe:2.3:a:libraw:libraw:0.20.0:rc2:*:*:*:*:*:* libraw == None == 0.20.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libraw edge-community 0.20.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libraw 3.16-community 0.20.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable