Unrated severityNVD Advisory· Published Jul 2, 2020· Updated Aug 4, 2024
CVE-2020-15503
CVE-2020-15503
Description
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Affected products
46- LibRaw/LibRawdescription
- osv-coords45 versionspkg:rpm/almalinux/dleyna-rendererpkg:rpm/almalinux/frei0r-develpkg:rpm/almalinux/frei0r-pluginspkg:rpm/almalinux/frei0r-plugins-opencvpkg:rpm/almalinux/gnome-remote-desktoppkg:rpm/almalinux/gtk-docpkg:rpm/almalinux/gvfspkg:rpm/almalinux/LibRaw-develpkg:rpm/almalinux/libsouppkg:rpm/almalinux/libsoup-develpkg:rpm/almalinux/mutter-develpkg:rpm/almalinux/nautiluspkg:rpm/almalinux/nautilus-develpkg:rpm/almalinux/PackageKitpkg:rpm/almalinux/PackageKit-command-not-foundpkg:rpm/almalinux/PackageKit-cronpkg:rpm/almalinux/PackageKit-glibpkg:rpm/almalinux/PackageKit-glib-develpkg:rpm/almalinux/PackageKit-gstreamer-pluginpkg:rpm/almalinux/PackageKit-gtk3-modulepkg:rpm/almalinux/pipewirepkg:rpm/almalinux/pipewire0.2-develpkg:rpm/almalinux/pipewire0.2-libspkg:rpm/almalinux/pipewire-develpkg:rpm/almalinux/pipewire-docpkg:rpm/almalinux/pipewire-libspkg:rpm/almalinux/pipewire-utilspkg:rpm/almalinux/potracepkg:rpm/almalinux/pygobject3-develpkg:rpm/almalinux/python3-gobjectpkg:rpm/almalinux/python3-gobject-basepkg:rpm/almalinux/trackerpkg:rpm/almalinux/tracker-develpkg:rpm/almalinux/vte291pkg:rpm/almalinux/vte291-develpkg:rpm/almalinux/vte-profilepkg:rpm/almalinux/webrtc-audio-processingpkg:rpm/almalinux/xdg-desktop-portal-gtkpkg:rpm/opensuse/libraw&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libraw&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/libraw&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2
< 0.6.0-3.el8+ 44 more
- (no CPE)range: < 0.6.0-3.el8
- (no CPE)range: < 1.6.1-7.el8
- (no CPE)range: < 1.6.1-7.el8
- (no CPE)range: < 1.6.1-7.el8
- (no CPE)range: < 0.1.8-3.el8
- (no CPE)range: < 1.28-2.el8
- (no CPE)range: < 1.36.2-10.el8
- (no CPE)range: < 0.19.5-2.el8
- (no CPE)range: < 2.62.3-2.el8
- (no CPE)range: < 2.62.3-2.el8
- (no CPE)range: < 3.32.2-48.el8
- (no CPE)range: < 3.28.1-14.el8
- (no CPE)range: < 3.28.1-14.el8
- (no CPE)range: < 1.1.12-6.el8
- (no CPE)range: < 1.1.12-6.el8
- (no CPE)range: < 1.1.12-6.el8
- (no CPE)range: < 1.1.12-6.el8
- (no CPE)range: < 1.1.12-6.el8
- (no CPE)range: < 1.1.12-6.el8
- (no CPE)range: < 1.1.12-6.el8
- (no CPE)range: < 0.3.6-1.el8
- (no CPE)range: < 0.2.7-6.el8
- (no CPE)range: < 0.2.7-6.el8
- (no CPE)range: < 0.3.6-1.el8
- (no CPE)range: < 0.3.6-1.el8
- (no CPE)range: < 0.3.6-1.el8
- (no CPE)range: < 0.3.6-1.el8
- (no CPE)range: < 1.15-3.el8
- (no CPE)range: < 3.28.3-2.el8
- (no CPE)range: < 3.28.3-2.el8
- (no CPE)range: < 3.28.3-2.el8
- (no CPE)range: < 2.1.5-2.el8
- (no CPE)range: < 2.1.5-2.el8
- (no CPE)range: < 0.52.4-2.el8
- (no CPE)range: < 0.52.4-2.el8
- (no CPE)range: < 0.52.4-2.el8
- (no CPE)range: < 0.3-9.el8
- (no CPE)range: < 1.6.0-1.el8
- (no CPE)range: < 0.18.9-lp151.4.3.1
- (no CPE)range: < 0.18.9-lp152.5.3.1
- (no CPE)range: < 0.20.2-4.1
- (no CPE)range: < 0.15.4-33.1
- (no CPE)range: < 0.15.4-33.1
- (no CPE)range: < 0.18.9-3.11.1
- (no CPE)range: < 0.18.9-3.11.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.htmlmitrevendor-advisory
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.htmlmitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HM2DS6HA4YZREI3BYGS75M6D76WMW62/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSXAJKZ4VNDYVQULJNY4XDPWHIJDTB4P/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCVKD7PTO7UQAVUTBHJAKBKYLPQQGAMZ/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y34ALB34P3NGQXLF7BG7R6DGRX6XL2JN/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZETDVPZQWZWVGIG6JTIEKP5KPVMUE7Y/mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2022/11/msg00042.htmlmitremailing-list
- github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864dmitre
- github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1mitre
- www.libraw.org/news/libraw-0-20-rc1mitre
News mentions
0No linked articles in our index yet.