CVE-2020-35535

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-35535
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35535.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-35535
Downstream
Published
2022-09-01T18:15:09Z
Modified
2025-10-15T12:18:21.492104Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

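In LibRaw, there is an out-of-bounds read vulnerability in the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp), reached when processing Sony SRF (.srf) files. The CVSS vector in this record rates it as local, requiring user interaction, with impact on availability only (AV:L, UI:R, C:N/I:N/A:H).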

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

0.*

0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81",
        "signature_version": "v1",
        "target": {
            "file": "src/metadata/sony.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "316649154521154265745370842671483245730",
                "46052661576219292872557671107555330998",
                "173851526752824635388924165099141683251",
                "196769683903570661941151779568967305976",
                "99094482000882616887676601240643145773",
                "41815141875130937553340082989746287353",
                "151208889879429536610900919417466238703",
                "66851803985202017028181686683431481095",
                "254503801112876348429478987905860514643",
                "56197621776429877809978005276839258813",
                "145053387336975255450009327239251641678",
                "252080806012173373960804766179021620215",
                "37334134465639751245591928924748561726",
                "274945684524724072611129202985683763142",
                "42660072194536593663544740062411066128",
                "319797906161590061649899690643439225361",
                "53042025517450275660081557263880935261",
                "251998534208401179125283711359653023443",
                "329164260646271292658779488603635114291",
                "4514349758503672324808189565697900497",
                "276953912327184160064571410386526236080",
                "71027313906189056939296465472340833009",
                "282984467181258294626380802218929845187",
                "326009577854159913712869642042307548473",
                "101977803710442791054043509426715366221",
                "83803966047180311966728131300623593245",
                "340244727769302136078076274922184943289",
                "213884940653998016033633234078397518822",
                "309467969980818874114962873944629241058",
                "95408857200109053151294896765164362939",
                "61475237784360663184305707459540277087",
                "37656735866936651163580875994491990603",
                "255202831789107321331115261020284796190",
                "90732817309926387964175813493364890889",
                "57661758461393019607139327251088616890",
                "87996951190480407033882620334938625564",
                "214240076647537385562524328639009604339",
                "178820106047217187799879906772742313115",
                "19791867730315990759172333882556992775",
                "126914549517833815883673643665004394771",
                "151373155570684929160952816974725659852",
                "660788627461548715776271839036210662",
                "246123869556705195528213203956323195574",
                "317363096546185437175923233401032246333",
                "220082866893440308371226021730130579977",
                "154283626414383079011918026303900852673",
                "234442245596831514823829269078373156828",
                "83830807024276180881755028461020797635",
                "172371806015643346194504519375554713927",
                "48886623852267927916326318705378007769",
                "219327810090208485258804122627829850596",
                "310111242252683101206143686548166567842",
                "166371791870311546007047462024774462009",
                "187037217257734110238050413695734154825",
                "135343167348669828903169574994314946617",
                "180862797203469424275736188879388859643",
                "197550583508215095027795225720012666772",
                "324415353024708912240052038141816479318",
                "104307975438036801054099356311375980685",
                "269966244718110745941562467331383074271",
                "245122851665487316705046865649199301740",
                "162780501833354888078546347941532226584",
                "19495562899828367043128949258691813630",
                "165242024130268600537097728760805635910",
                "104234364971346619258022949239067390088",
                "48332622226345711699154714880663216604",
                "335704585402769398794738013309846189156",
                "34684080726088044730250046436112653849",
                "149411789027242098039508738038226349341",
                "157489640915516552573132225078870423654",
                "276777016703798063557465469372435712386",
                "326994671312149092196912008095073154031",
                "302058406674348548228671855450434858793",
                "263877132801500374608531338492683586032",
                "108587633537507210242609878158511307392",
                "108587633537507210242609878158511307392",
                "87374255849661096955147283990421243903",
                "200018920390026010187262818830822452083",
                "211208014924509746198486287980029249234",
                "4434966343203394026554147462598578898",
                "190496518971077527543254646561348450076",
                "38092980896467188567046279985605798897",
                "8722419110510572662066101352894870336",
                "113110028033537179117534661902490241788",
                "47810524310690883918816444481679355693",
                "19368351790609190001396192824809507160",
                "273459090778645643394758136497897364985",
                "189557052929668182334885539843497503653",
                "241591983626504435822093474381427299054",
                "200998678365403977757950505197106600583",
                "23374726291490454207132526043931055032",
                "300052245752865189134158924507824476585",
                "317386681760824873469319947095193588062",
                "271517567503125763674819742364172711109",
                "338295806657554816469867308296242816885",
                "55830581631634625741236567313047010184",
                "57535906938289946191639668093536971945",
                "68729814482366585393368248560424150703",
                "219926923502918138769429468954083979662",
                "333956041535528773487966603284392293183",
                "29405079780120819790348524546902543236",
                "39389128892255574088950398062611998314",
                "239825601200775327031474528877788174675",
                "167043146693298126061514505958617457186",
                "247099358747931945037431489150945823700",
                "204546219330068226175315459197794144163",
                "113677640955019150888109755735677673924",
                "183621375590788407377910055629293819672",
                "259551223267396262094537903215403153166",
                "17390960073133957664162122567197553933",
                "12609618981181033468800764398073803856",
                "320349939086085918108591888073733668081",
                "65524964548398313603688485331312277583",
                "129954042094695102369950954182751957269",
                "143508086616683471115071605324633612574",
                "258022394088577106283795330596546876565",
                "93728355049263162954061760251971707874",
                "217757434896733779703441820993131721611",
                "195304856574148835469825061821872353112",
                "57257392547751187524916959267593665849",
                "217095406291626438399461037827509695166"
            ]
        },
        "id": "CVE-2020-35535-10b2a2a5"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81",
        "signature_version": "v1",
        "target": {
            "function": "LibRaw::parseSonySRF",
            "file": "src/metadata/sony.cpp"
        },
        "digest": {
            "function_hash": "332817766350570600695621536726892071554",
            "length": 3131.0
        },
        "id": "CVE-2020-35535-4babbd97"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81",
        "signature_version": "v1",
        "target": {
            "function": "LibRaw::parseSonySR2",
            "file": "src/metadata/sony.cpp"
        },
        "digest": {
            "function_hash": "37495140435446563446574136542006398379",
            "length": 3639.0
        },
        "id": "CVE-2020-35535-77ecd092"
    }
]