Fluid Attacks Database

Description

libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	libraw	=0.20.2-1 \|\| =0.20.2-1+deb11u1 \|\| =0.20.2-1+deb11u2 \|\| =0.20.2-2 \|\| =0.20.2-2.1 \|\| =0.21.1-1 \|\| =0.21.1-2 \|\| =0.21.1-3 \|\| =0.21.1-4 \|\| =0.21.1-5 \|\| =0.21.1-6 \|\| =0.21.1-7 \|\| =0.21.2-1 \|\| =0.21.2-2 \|\| =0.21.2-2.1 \|\| =0.21.2-2.1~exp1 \|\| =0.21.3-1 \|\| =0.21.4-1 \|\| =0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2
debian 12	libraw	=0.20.2-2.1 \|\| =0.20.2-2.1+deb12u1 \|\| =0.21.1-1 \|\| =0.21.1-2 \|\| =0.21.1-3 \|\| =0.21.1-4 \|\| =0.21.1-5 \|\| =0.21.1-6 \|\| =0.21.1-7 \|\| =0.21.2-1 \|\| =0.21.2-2 \|\| =0.21.2-2.1 \|\| =0.21.2-2.1~exp1 \|\| =0.21.3-1 \|\| =0.21.4-1 \|\| =0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2
debian 13	libraw	=0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2
debian 14	libraw	=0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2

Aliases

1. CVE-2020-248902. NVD-2020-248903. OSV-DEBIAN-2020-248904. OSV-2020-248905. SECURITY-TRACKER-CVE-2020-24890

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.