Fluid Attacks Database

Description

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libraw	>=0 <0.20.2-2.1	0.20.2-2.1
debian 11	libraw	=0.20.2-1 \|\| >=0 <0.20.2-1+deb11u1	0.20.2-1+deb11u1
debian 12	libraw	>=0 <0.20.2-2.1	0.20.2-2.1
debian 14	libraw	>=0 <0.20.2-2.1	0.20.2-2.1
rpm rhel8	LibRaw	<0:0.19.5-4.el8	0:0.19.5-4.el8
rpm rhel7	LibRaw	<0:0.19.4-2.el7_9	0:0.19.4-2.el7_9
rpm rhel9	LibRaw	<0:0.20.2-6.el9	0:0.20.2-6.el9

Aliases

1. CVE-2021-321422. NVD-2021-321423. OSV-DEBIAN-2021-321424. OSV-2021-321425. SECURITY-TRACKER-CVE-2021-32142

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.