OESA-2024-1446

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1446
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1446.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1446
Upstream
Published
2024-04-12T11:07:43Z
Modified
2025-08-12T05:35:06.965671Z
Summary
LibRaw security update
Details

LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF, RAF, etc.; virtually all RAW formats are supported). It pays special attention to correct retrieval of data required for subsequent RAW conversion. The library is intended for embedding in RAW converters, data analyzers, and other programs using RAW files as the initial data.

Security Fix(es):

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP1 / LibRaw

Package

Name
LibRaw
Purl
pkg:rpm/openEuler/LibRaw&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.20.2-7.oe2203sp1

Ecosystem specific

{
    "aarch64": [
        "LibRaw-debugsource-0.20.2-7.oe2203sp1.aarch64.rpm",
        "LibRaw-0.20.2-7.oe2203sp1.aarch64.rpm",
        "LibRaw-debuginfo-0.20.2-7.oe2203sp1.aarch64.rpm",
        "LibRaw-devel-0.20.2-7.oe2203sp1.aarch64.rpm"
    ],
    "x86_64": [
        "LibRaw-debuginfo-0.20.2-7.oe2203sp1.x86_64.rpm",
        "LibRaw-debugsource-0.20.2-7.oe2203sp1.x86_64.rpm",
        "LibRaw-0.20.2-7.oe2203sp1.x86_64.rpm",
        "LibRaw-devel-0.20.2-7.oe2203sp1.x86_64.rpm"
    ],
    "src": [
        "LibRaw-0.20.2-7.oe2203sp1.src.rpm"
    ]
}