Vulnerability Details CVE-2020-35530
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.6%
CVSS Severity
CVSS v3 Score 5.5
References
- https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb
- https://github.com/LibRaw/LibRaw/issues/272
- https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html
- https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb
- https://github.com/LibRaw/LibRaw/issues/272
- https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html
Products affected by CVE-2020-35530
-
cpe:2.3:a:libraw:libraw:0.20.0
-
cpe:2.3:a:libraw:libraw:0.20.1
-
cpe:2.3:a:libraw:libraw:0.20.2
-
cpe:2.3:a:libraw:libraw:0.21.0
-
cpe:2.3:o:debian:debian_linux:10.0