CVE-2020-15365 — Out-of-bounds Write in Libraw

CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 48.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libraw Debian Libraw

Timeline

PublishedJun 28

Latest updateMay 24

Description

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibraw/libraw0.20

▶debiandebian/libraw

🔴Vulnerability Details

GHSA

GHSA-x3r5-4qvw-fphx: LibRaw before 0↗2022-05-24

▶

OSV

CVE-2020-15365: LibRaw before 0↗2020-06-28

▶

📋Vendor Advisories

Red Hat

LibRaw: out-of-bounds write in parse_exif function in metadata/exif_gps.cpp↗2020-06-15

▶

Debian

CVE-2020-15365: libraw - LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\...↗2020

▶

💬Community

Bugzilla

CVE-2020-15365 LibRaw: out-of-bounds write in parse_exif function in metadata/exif_gps.cpp↗2020-06-29

▶

Bugzilla

CVE-2020-15365 LibRaw: out-of-bounds write in parse_exif function in metadata/exif_gps.cpp [fedora-all]↗2020-06-29

▶

Bugzilla

CVE-2020-15365 mingw-LibRaw: libraw: out-of-bounds write in parse_exif function in metadata/exif_gps.cpp [fedora-all]↗2020-06-29

▶