Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2023-2256

Related Vulnerabilities: CVE-2020-22628   CVE-2020-35530   CVE-2020-35531   CVE-2020-35532   CVE-2021-32142  

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (CVE-2020-22628) In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. (CVE-2020-35530) In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. (CVE-2020-35531) In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. (CVE-2020-35532) Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Source

ALAS2-2023-2256

Amazon Linux 2 Security Advisory: ALAS-2023-2256
Advisory Release Date: 2023-09-13 23:44 Pacific
Advisory Updated Date: 2023-09-20 19:40 Pacific
Severity: Medium
Issue Overview:

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (CVE-2020-22628)

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. (CVE-2020-35530)

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. (CVE-2020-35531)

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. (CVE-2020-35532)

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)


Affected Packages:

LibRaw


Issue Correction:
Run yum update LibRaw to update your system.

New Packages:
aarch64:
    LibRaw-0.19.4-1.amzn2.0.2.aarch64
    LibRaw-devel-0.19.4-1.amzn2.0.2.aarch64
    LibRaw-static-0.19.4-1.amzn2.0.2.aarch64
    LibRaw-debuginfo-0.19.4-1.amzn2.0.2.aarch64

i686:
    LibRaw-0.19.4-1.amzn2.0.2.i686
    LibRaw-devel-0.19.4-1.amzn2.0.2.i686
    LibRaw-static-0.19.4-1.amzn2.0.2.i686
    LibRaw-debuginfo-0.19.4-1.amzn2.0.2.i686

src:
    LibRaw-0.19.4-1.amzn2.0.2.src

x86_64:
    LibRaw-0.19.4-1.amzn2.0.2.x86_64
    LibRaw-devel-0.19.4-1.amzn2.0.2.x86_64
    LibRaw-static-0.19.4-1.amzn2.0.2.x86_64
    LibRaw-debuginfo-0.19.4-1.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2020-22628, CVE-2020-35530, CVE-2020-35531, CVE-2020-35532, CVE-2021-32142

Mitre: CVE-2020-22628, CVE-2020-35530, CVE-2020-35531, CVE-2020-35532, CVE-2021-32142

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started