Bug 2234992 (CVE-2020-22628)

Summary: CVE-2020-22628 libraw: Out of bounds read in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: alekcejk, debarshir, desktop-qa-list, redhat
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: LibRaw 0.20-RC2 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the libraw library. This issue occurs due to an out-of-bounds read vulnerability that exists within the "LibRaw::stretch()" function (libraw\src\postprocessing\aspect_ratio.cpp) when parsing a crafted CRW file.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2235275, 2235277, 2234994, 2234995, 2235273, 2235274, 2235276    
Bug Blocks: 2234993    

Description Pedro Sampaio 2023-08-25 21:05:40 UTC 
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

References:

https://github.com/LibRaw/LibRaw/issues/269
https://github.com/LibRaw/LibRaw/commit/84bbb972d94a965f70302b85738778443540774a
Comment 2 TEJ RATHI 2023-08-28 09:07:49 UTC 
Created LibRaw tracking bugs for this issue:

Affects: fedora-all [bug 2235273]


Created LibRaw-epel tracking bugs for this issue:

Affects: epel-all [bug 2235275]


Created digikam tracking bugs for this issue:

Affects: epel-all [bug 2235277]
Affects: fedora-all [bug 2235276]


Created mingw-LibRaw tracking bugs for this issue:

Affects: fedora-all [bug 2235274]
Comment 3 nucleo 2023-08-28 11:36:44 UTC 
> https://github.com/LibRaw/LibRaw/commit/84bbb972d94a965f70302b85738778443540774a

This is very old commit. There are a lot of changes after it
https://github.com/LibRaw/LibRaw/commits/master/src/metadata/identify.cpp

digiKam uses LibRaw snapshot 2023-05-14.

Is this bug really actual?
Comment 4 Arne Reiter 2023-11-29 18:04:46 UTC 
The buffer overflow vulnerability was fixed in version LibRaw 0.20-RC2.

Currently all active branches are built at least with the same version:

Fedora 40	LibRaw-0.21.1-7.fc40	
Fedora 39	LibRaw-0.21.1-5.fc39	
Fedora 38	LibRaw-0.21.1-4.fc38	
Fedora 37	LibRaw-0.20.2-8.fc37

This bug can be closed.