LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 Feb 2023, 21:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCVKD7PTO7UQAVUTBHJAKBKYLPQQGAMZ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y34ALB34P3NGQXLF7BG7R6DGRX6XL2JN/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HM2DS6HA4YZREI3BYGS75M6D76WMW62/ - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html - Broken Link, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1 - Release Notes, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html - Broken Link, Mailing List, Third Party Advisory | |
References | (MISC) https://www.libraw.org/news/libraw-0-20-rc1 - Broken Link, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZETDVPZQWZWVGIG6JTIEKP5KPVMUE7Y/ - Mailing List, Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
30 Nov 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-07-02 14:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-15503
Mitre link : CVE-2020-15503
CVE.ORG link : CVE-2020-15503
JSON object : View
Products Affected
debian
- debian_linux
libraw
- libraw
fedoraproject
- fedora
CWE
CWE-20
Improper Input Validation