In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.
What's the severity of this CVE? Moderate?
For what it's worth, this CVE neither affects the LibRaw package in Fedora (F >= 35 has 0.20.2) nor in RHEL 9 (has 0.20.2).
I didn't check packages that carry other copies of the same code (eg., dcraw).
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):