Fluid Attacks Database

Description

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libraw	>=0 <0.20.2-1	0.20.2-1
debian 11	libraw	>=0 <0.20.2-1	0.20.2-1
debian 13	libraw	>=0 <0.20.2-1	0.20.2-1
debian 14	libraw	>=0 <0.20.2-1	0.20.2-1
rpm rhel6	dcraw	-	-
rpm rhel8	LibRaw	<0:0.19.5-3.el8	0:0.19.5-3.el8
rpm rhel7	libkdcraw	-	-
rpm rhel7	dcraw	-	-

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.