QwikSec

Security Database

CVE

CWE

Training

CVE-2020-15503

Published: Jul 2, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.libraw.org/news/libraw-0-20-rc1

https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1

https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d

FEDORA-2020-f421eea477

vendor-advisory

FEDORA-2020-f407db0e65

vendor-advisory

FEDORA-2020-4f4c778096

vendor-advisory

FEDORA-2020-07f0a49a9e

vendor-advisory

openSUSE-SU-2020:1088

vendor-advisory

openSUSE-SU-2020:1128

vendor-advisory

FEDORA-2020-ed284fd64b

vendor-advisory

FEDORA-2020-c6fa12cfb1

vendor-advisory

[debian-lts-announce] 20221130 [SECURITY] [DLA 3214-1] libraw security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.