Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2020-22628

Published: 22/08/2023 Updated: 10/09/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Libraw

Vulnerability Summary

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (CVE-2020-22628) In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. (CVE-2020-35530) In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. (CVE-2020-35531) In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. (CVE-2020-35532) Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows malicious user to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Vulnerable Product Search on Vulmon Subscribe to Product

libraw libraw

Vendor Advisories

Amazon Linux 2: ALAS2-2023-2256
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratiocpp (CVE-2020-22628) In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patchedcpp) that can be triggered via a crafted X3F file (CVE-2020-35530) In LibRaw, an out-of-bounds read v ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratiocpp ...

References

CWE-125https://github.com/LibRaw/LibRaw/issues/269https://lists.debian.org/debian-lts-announce/2023/09/msg00007.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-2256.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook