CVE-2020-35532

Published: 01/09/2022 Updated: 29/09/2022
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Buffer overflow vulnerability in the LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (CVE-2020-22628)

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. (CVE-2020-35530)

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. (CVE-2020-35531)

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. (CVE-2020-35532)

Buffer overflow vulnerability in LibRaw linux/unix v0.20.0 allows a malicious user to escalate privileges via LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Vulnerable Product

libraw libraw 0.20.1

libraw libraw 0.21.0

libraw libraw 0.20.2

libraw libraw 0.20.0

debian debian linux 10.0

Vendor Advisories

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (CVE-2020-22628) In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. (CVE-2020-35530) In LibRaw, an out-of-bounds read v ...