Fluid Attacks Database

Description

In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libraw	>=0 <0.20.0-4	0.20.0-4
debian 12	libraw	>=0 <0.20.0-4	0.20.0-4
debian 13	libraw	>=0 <0.20.0-4	0.20.0-4
debian 14	libraw	>=0 <0.20.0-4	0.20.0-4
rpm rhel6	libraw1394	-	-
rpm rhel7	LibRaw	-	-
rpm rhel8	LibRaw	-	-
rpm rhel7	libraw1394	-	-

Aliases

1. CVE-2020-355342. NVD-2020-355343. OSV-DEBIAN-2020-355344. OSV-2020-355345. SECURITY-TRACKER-CVE-2020-35534

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.