CVE-2020-24870 - Out-of-bounds Write vulnerability in Libraw
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
References
- https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d
- https://github.com/LibRaw/LibRaw/issues/330
- https://security.gentoo.org/glsa/202208-07