CVE-2021-32142

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32142
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32142.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32142
Published
2023-02-17T18:15:10Z
Modified
2025-09-16T07:15:46.906659Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Buffer overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) function in /src/libraw/src/libraw_datastream.cpp.

Affected packages

Debian:11 / libraw

Package

Name
libraw
Purl
pkg:deb/debian/libraw?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.20.2-1+deb11u1

Affected versions

0.*

0.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libraw

Package

Name
libraw
Purl
pkg:deb/debian/libraw?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.20.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libraw

Package

Name
libraw
Purl
pkg:deb/debian/libraw?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.20.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libraw

Package

Name
libraw
Purl
pkg:deb/debian/libraw?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.20.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0
0.20-RC2
0.20.0
0.20.1
0.20.2

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/libraw_datastream.cpp",
                "function": "LibRaw_file_datastream::gets"
            },
            "digest": {
                "length": 199.0,
                "function_hash": "81537286543682610447369285951027231239"
            },
            "id": "CVE-2021-32142-31df3fd3"
        },
        {
            "source": "https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/libraw_datastream.cpp",
                "function": "LibRaw_buffer_datastream::gets"
            },
            "digest": {
                "length": 559.0,
                "function_hash": "286491763390684630258264132505426074568"
            },
            "id": "CVE-2021-32142-85652960"
        },
        {
            "source": "https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49",
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/libraw_datastream.cpp",
                "function": "LibRaw_bigfile_datastream::gets"
            },
            "digest": {
                "length": 132.0,
                "function_hash": "125079287825345516398437667214404768579"
            },
            "id": "CVE-2021-32142-d895dd03"
        },
        {
            "source": "https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49",
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/libraw_datastream.cpp"
            },
            "digest": {
                "line_hashes": [
                ],
                "threshold": 0.9
            },
            "id": "CVE-2021-32142-e63d56e3"
        }
    ]
}