CVE-2020-35530

Published: Sep 1, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

Vendor	Product	Versions
n/a	LibRaw	affected `LibRaw 0.21-Beta1, LibRaw 0.20.2, LibRaw 0.20.1, LibRaw 0.20.0, LibRaw 0.20-RC2`

Weaknesses (CWE)

CWE-787

References

https://github.com/LibRaw/LibRaw/issues/272

x_refsource_MISC

https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb

x_refsource_MISC

[debian-lts-announce] 20220916 [SECURITY] [DLA 3113-1] libraw security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-35530

Description

Affected Products

Weaknesses (CWE)

References