Vulnerabilities > CVE-2020-35530 - Out-of-bounds Write vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

libraw

debian

CWE-787

NVD

Published: 2022-09-01

Updated: 2022-09-29

Summary

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

Vulnerable Configurations

Part	Description	Count
Application	Libraw Libraw Libraw 0.20.1 Libraw Libraw 0.21.0 Libraw Libraw 0.20.2 Libraw Libraw 0.20.0	5
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb
https://github.com/LibRaw/LibRaw/issues/272
https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html