CVE-2020-15503

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*
cpe:2.3:a:libraw:libraw:0.20:beta1:*:*:*:*:*:*
cpe:2.3:a:libraw:libraw:0.20:beta2:*:*:*:*:*:*
cpe:2.3:a:libraw:libraw:0.20:beta3:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

30 Nov 2022, 23:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html -

Information

Published : 2020-07-02 14:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-15503

Mitre link : CVE-2020-15503

CVE.ORG link : CVE-2020-15503


JSON object : View

Products Affected

fedoraproject

  • fedora

debian

  • debian_linux

libraw

  • libraw
CWE
CWE-20

Improper Input Validation