CVE-2020-24889 libraw: buffer overflow vulnerability in LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution
Product:
[Other] Security Response
Reporter:
Dhananjay Arunesh <darunesh>
Component:
vulnerability
Assignee:
Red Hat Product Security <security-response-team>
Status:
CLOSED
NOTABUG
QA Contact:
Severity:
medium
Docs Contact:
Priority:
medium
Version:
unspecified
CC:
dchen, debarshir, gwync, hobbes1069, jridky, manisandro, nphilipp, siddharth.kde, siddhesh, than
Description Dhananjay Arunesh
2020-09-24 10:46:27 UTC
A buffer overflow vulnerability in LibRaw versions < 20.0, in LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp, may lead to context-dependent arbitrary code execution.
References:
https://github.com/LibRaw/LibRaw/issues/334
Comment 1 Dhananjay Arunesh
2020-09-24 10:49:51 UTC
Created LibRaw tracking bugs for this issue:
Affects: epel-6 [bug 1882342]
Affects: fedora-all [bug 1882341]
Comment 2 Dhananjay Arunesh
2020-09-24 10:51:49 UTC
Created mingw-LibRaw tracking bugs for this issue:
Affects: fedora-all [bug 1882343]
Statement:
This flaw does not affect LibRaw as shipped with Red Hat Enterprise Linux 7 or 8 as the vulnerable code was introduced in a subsequent version of LibRaw.
Comment 5 Product Security DevOps Team
2020-09-25 02:41:06 UTC