Vulnerabilities > CVE-2020-15365 - Out-of-bounds Write vulnerability in Libraw 0.20

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

libraw

CWE-787

NVD

Published: 2020-06-28

Updated: 2020-07-06

Summary

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.

Vulnerable Configurations

Part	Description	Count
Application	Libraw Libraw Libraw 0.20	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/LibRaw/LibRaw/compare/0.20-Beta2...0.20-Beta3
https://github.com/LibRaw/LibRaw/issues/301