CVE-2020-15503

Опубликовано: 02 июл. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html
Broken Link
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html
Broken Link
Mailing List
Third Party Advisory
https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
Patch
Third Party Advisory
https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HM2DS6HA4YZREI3BYGS75M6D76WMW62/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSXAJKZ4VNDYVQULJNY4XDPWHIJDTB4P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCVKD7PTO7UQAVUTBHJAKBKYLPQQGAMZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y34ALB34P3NGQXLF7BG7R6DGRX6XL2JN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZETDVPZQWZWVGIG6JTIEKP5KPVMUE7Y/
https://www.libraw.org/news/libraw-0-20-rc1
Broken Link
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html
Broken Link
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html
Broken Link
Mailing List
Third Party Advisory
https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
Patch
Third Party Advisory
https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HM2DS6HA4YZREI3BYGS75M6D76WMW62/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSXAJKZ4VNDYVQULJNY4XDPWHIJDTB4P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*

Версия до 0.19.5 (включая)

cpe:2.3:a:libraw:libraw:0.20:beta1:*:*:*:*:*:*

cpe:2.3:a:libraw:libraw:0.20:beta2:*:*:*:*:*:*

cpe:2.3:a:libraw:libraw:0.20:beta3:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.0077

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-15503

CVSS3: 7.5

ubuntu

около 5 лет назад

CVE-2020-15503

CVSS3: 7.5

redhat

около 5 лет назад

CVE-2020-15503

CVSS3: 7.5

msrc

около 1 года назад

Описание отсутствует

CVE-2020-15503

CVSS3: 7.5

debian

около 5 лет назад

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...

openSUSE-SU-2020:1128-1

suse-cvrf

около 5 лет назад

Security update for libraw

EPSS

Процентиль: 73%

0.0077

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20