
Debian Security Advisory DLA-3113-1: Critical Libraw File Issues

Debian LTS
September 16, 2022
Several file parsing vulnerabilities have been reported in libraw, mainly in its DNG and X3F decoders. Updating to the fixed package is recommended.
Multiple file parsing vulnerabilities have been fixed in libraw

Summary

CVE-2020-35530

There is an out-of-bounds write vulnerability within the "new_node()"
function (src/x3f/x3f_utils_patched.cpp) that can be triggered via a
crafted X3F file. Reported by GitHub user 0xfoxone.

CVE-2020-35531

An out-of-bounds read vulnerability exists within the
"get_huffman_diff()" function (src/x3f/x3f_utils_patched.cpp) when
reading data from an image file. Reported by GitHub user GirlElecta.

CVE-2020-35532

An out-of-bounds read vulnerability exists within the
"simple_decode_row()" function (src/x3f/x3f_utils_patched.cpp) which
can be triggered via an image with a large row_stride field.
Reported by GitHub user GirlElecta.
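As an added illustration of the check behind the CVE-2020-35532 entry (example code, not libraw's own): a C decoder helper that validates a file-supplied row_stride against the real buffer length, with overflow-safe arithmetic, before any row is read. The image_t descriptor and the 64-byte sample in decode_sample() are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical image descriptor holding the header-derived fields a raw
 * decoder trusts (not libraw's real structures). */
typedef struct {
    const uint8_t *data;  /* whole file in memory */
    size_t len;           /* file size in bytes */
    size_t offset;        /* start of pixel data */
    size_t width;         /* bytes of pixel data per row */
    size_t rows;
    size_t row_stride;    /* bytes between row starts, read from the file */
} image_t;

/* 1 only if every row [offset + r*row_stride, +width) lies inside data.
 * Overflow-safe, so a huge row_stride cannot wrap around and pass. */
int row_read_in_bounds(const image_t *img)
{
    if (img->rows == 0 || img->width == 0) return 0;
    if (img->row_stride < img->width) return 0;  /* malformed: rows overlap */
    if (img->offset > img->len) return 0;
    size_t avail = img->len - img->offset;
    size_t last = img->rows - 1;
    /* need last*row_stride + width <= avail without overflowing size_t */
    if (last != 0 && img->row_stride > (SIZE_MAX - img->width) / last) return 0;
    return last * img->row_stride + img->width <= avail;
}

/* Copy rows into out; returns bytes written, or 0 if the header was rejected. */
size_t decode_rows(const image_t *img, uint8_t *out, size_t out_len)
{
    if (!row_read_in_bounds(img)) return 0;
    if (img->rows > out_len / img->width) return 0;
    for (size_t r = 0; r < img->rows; r++)
        memcpy(out + r * img->width,
               img->data + img->offset + r * img->row_stride, img->width);
    return img->rows * img->width;
}

/* Constructed sample: a 64-byte "file" with 4 rows of 4 bytes at offset 8,
 * decoded with the caller-supplied row_stride. */
size_t decode_sample(size_t row_stride)
{
    static const uint8_t file[64] = { 0 };
    uint8_t out[16];
    image_t img = { file, sizeof file, 8, 4, 4, row_stride };
    return decode_rows(&img, out, sizeof out);
}
```

A stride of 18 already pushes the last row past the 56 bytes that follow the offset, and SIZE_MAX is rejected by the overflow guard rather than wrapping into an in-range address.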

CVE-2020-35533

An out-of-bounds read vulnerability exists within the
"LibRaw::adobe_copy_pixel()" function (src/decoders/dng.cpp) when
reading data from the image file. Reported by GitHub user GirlElecta.

For Debian 10 buster, these problems have been fixed in version
0.19.2-2+deb10u1.



Severity: Critical

-------------------------------------------------------------------------
Package: libraw
Version: 0.19.2-2+deb10u1
CVE ID: CVE-2020-35530 CVE-2020-35531 CVE-2020-35532 CVE-2020-35533
