CVE-2020-35532 - OpenCVE

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Libraw	Libraw

Configuration 1 [-]

OR	cpe:2.3:a:libraw:libraw:0.20.0:-::::::
	cpe:2.3:a:libraw:libraw:0.20.0:rc2::::::
	cpe:2.3:a:libraw:libraw:0.20.1:::::::*
	cpe:2.3:a:libraw:libraw:0.20.2:::::::*
	cpe:2.3:a:libraw:libraw:0.21.0:beta1::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e	Patch Third Party Advisory
https://github.com/LibRaw/LibRaw/issues/271	Exploit Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-09-01T17:51:59

Updated: 2022-09-16T12:06:13

Reserved: 2020-12-17T00:00:00

Link: CVE-2020-35532

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-01T18:15:08.870

Modified: 2022-09-29T16:29:46.417

Link: CVE-2020-35532

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "LibRaw", "vendor": "n/a", "versions": [{"status": "affected", "version": "LibRaw 0.21-Beta1, LibRaw 0.20.2, LibRaw 0.20.1, LibRaw 0.20.0, LibRaw 0.20-RC2"}]}], "descriptions": [{"lang": "en", "value": "In LibRaw, an out-of-bounds read vulnerability exists within the \"simple_decode_row()\" function (libraw\\src\\x3f\\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T12:06:13", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/LibRaw/LibRaw/issues/271"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e"}, {"name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3113-1] libraw security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-35532", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibRaw", "version": {"version_data": [{"version_value": "LibRaw 0.21-Beta1, LibRaw 0.20.2, LibRaw 0.20.1, LibRaw 0.20.0, LibRaw 0.20-RC2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In LibRaw, an out-of-bounds read vulnerability exists within the \"simple_decode_row()\" function (libraw\\src\\x3f\\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125"}]}]}, "references": {"reference_data": [{"name": "https://github.com/LibRaw/LibRaw/issues/271", "refsource": "MISC", "url": "https://github.com/LibRaw/LibRaw/issues/271"}, {"name": "https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e", "refsource": "MISC", "url": "https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e"}, {"name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3113-1] libraw security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-35532", "datePublished": "2022-09-01T17:51:59", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2022-09-16T12:06:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libraw:libraw:0.20.0:-:*:*:*:*:*:*", "matchCriteriaId": "E00F0C8F-11AC-42B2-8D85-27028B41EBF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.20.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4B8669B-CE7F-47D2-9111-E7787EAD6E7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "8269B02E-558F-4AA5-9EEA-87226A3D1816", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "06DBABB8-8921-4E8B-B9E5-FFE6CCE79EB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.21.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "36C296E2-1899-457B-9EB2-916A33E383C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In LibRaw, an out-of-bounds read vulnerability exists within the \"simple_decode_row()\" function (libraw\\src\\x3f\\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field."}, {"lang": "es", "value": "En LibRaw, se presenta una vulnerabilidad de lectura fuera de l\u00edmites dentro de la funci\u00f3n \"simple_decode_row()\" (libraw\\src\\x3f\\x3f_utils_patched.cpp) que puede desencadenarse por medio de una imagen con un campo row_stride grande"}], "id": "CVE-2020-35532", "lastModified": "2022-09-29T16:29:46.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T18:15:08.870", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/LibRaw/LibRaw/issues/271"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}