LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. Reference: https://github.com/LibRaw/LibRaw/issues/301 Upstream commit: https://github.com/LibRaw/LibRaw/commit/55f0a0c08974b8b79ebfa7762b555a1704b25fb2
Created LibRaw tracking bugs for this issue: Affects: fedora-all [bug 1852097]
Created mingw-LibRaw tracking bugs for this issue: Affects: fedora-all [bug 1852098]
Statement: Versions of LibRaw shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw because the vulnerable code was introduced in a newer version of LibRaw. CR3 support was not introduced until 0.20-RC1 and the older exif code does not have the same logic.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15365