CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22628
https://notcve.org/view.php?id=CVE-2020-22628
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. Vulnerabilidad de desbordamiento de búfer en la función LibRaw::stretch() en libraw\src\postprocessing\aspect_ratio.cpp. • https://github.com/LibRaw/LibRaw/issues/269 https://lists.debian.org/debian-lts-announce/2023/09/msg00007.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1729 – LibRaw: a heap-buffer-overflow in raw2image_ex()
https://notcve.org/view.php?id=CVE-2023-1729
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. • https://bugzilla.redhat.com/show_bug.cgi?id=2188240 https://github.com/LibRaw/LibRaw/issues/557 https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY https://security.gentoo.org/glsa/202312-08 https://www.debian.org/security/2023/dsa-5412 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24870 – LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
https://notcve.org/view.php?id=CVE-2020-24870
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. Libraw versiones anteriores a 0.20.1, tiene un desbordamiento del búfer de lapila por medio de la función LibRaw::identify_process_dng_fields en el archivo identify.cpp A stack buffer overflow vulnerability was found in LibRaw. This flaw allows a malicious user to send a crafted image that, when parsed by an application linked to LibRaw, leads to a denial of service or potential code execution. • https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d https://github.com/LibRaw/LibRaw/issues/330 https://security.gentoo.org/glsa/202208-07 https://access.redhat.com/security/cve/CVE-2020-24870 https://bugzilla.redhat.com/show_bug.cgi?id=1928794 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24889
https://notcve.org/view.php?id=CVE-2020-24889
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. Una vulnerabilidad de desbordamiento de búfer en LibRaw versiones anteriores a 20.0, la función LibRaw::GetNormalizedModel en el archivo src/metadata/normalize_model.cpp puede conllevar a una ejecución de código arbitraria dependiendo del contexto • https://github.com/LibRaw/LibRaw/issues/334 https://security.gentoo.org/glsa/202010-05 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15503 – LibRaw: lack of thumbnail size range check can lead to buffer overflow
https://notcve.org/view.php?id=CVE-2020-15503
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. LibRaw versiones anteriores a 0.20-RC1, carece de una comprobación de rango de tamaño de miniaturas. Esto afecta a los archivos decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, y utils/thumb_utils.cpp. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1 https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HM2DS6HA4YZREI3BYGS75M6D76WMW62 https://lists.fedoraproject.org/ • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •