CVE-2020-35533

In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobecopypixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type: GIT
Repo: https://github.com/libraw/libraw
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a6937d4046a7c4742b683a04c8564605fd9be4fb

Affected versions

0.*

0.11.0-Release

0.11.1

0.11.2

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.13.4

0.13.5

0.13.6

0.13.7

0.13.8

0.14.0

0.14.1

0.14.2

0.14.3

0.14.4

0.14.5

0.14.6

0.15.0

0.16.0

0.17.0

0.18.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35533.json"

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/libraw/libraw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb",
        "digest": {
            "function_hash": "189786397465748804224571890318419266390",
            "length": 2037.0
        },
        "target": {
            "file": "src/decoders/decoders_dcraw.cpp",
            "function": "LibRaw::ljpeg_start"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-35533-a8673144"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/libraw/libraw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "169956838837957557109730059690174096609",
                "107773701374697699447354895927828660976",
                "24066560648351270888693131467014129179",
                "214774432034343772806029105558014034099"
            ]
        },
        "target": {
            "file": "src/decoders/decoders_dcraw.cpp"
        },
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2020-35533-bac3dcfc"
    }
]