Fluid Attacks Database

Description

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libraw	>=0 <0.20.2-2.1	0.20.2-2.1
debian 11	libraw	=0.20.2-1 \|\| >=0 <0.20.2-1+deb11u1	0.20.2-1+deb11u1
debian 12	libraw	>=0 <0.20.2-2.1	0.20.2-2.1
debian 13	libraw	>=0 <0.20.2-2.1	0.20.2-2.1
rpm rhel7	LibRaw	-	-
rpm rhel8	LibRaw	-	-
rpm rhel9	LibRaw	<0:0.21.1-1.el9	0:0.21.1-1.el9

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.