LibRaw 0.20 Beta 1

CPE Details

LibRaw 0.20 Beta 1
libraw
libraw
0.20
2020-07-09
15h48 +00:00
2020-07-09
15h48 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libraw:libraw:0.20:beta1:*:*:*:*:*:*

Informations

Vendor

libraw

Product

libraw

Version

0.20

Update

beta1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-1729 2023-05-14 22h00 +00:00 A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
6.5
Medium
CVE-2020-24870 2021-06-02 13h32 +00:00 Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
8.8
High
CVE-2020-24889 2020-09-16 12h55 +00:00 A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
7.8
High
CVE-2020-15503 2020-07-01 22h00 +00:00 LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.