4:08 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
Bug ID: 2122362
Summary: CVE-2020-35535 LibRaw: Out-of-bounds read in
LibRaw::parseSonySRF() function
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: dchen(a)redhat.com, debarshir(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, hobbes1069(a)gmail.com,
jridky(a)redhat.com, manisandro(a)gmail.com,
mattdm(a)redhat.com, mattia.verga(a)proton.me,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
nphilipp(a)redhat.com, sebastian(a)sdziallas.com,
sergio(a)serjux.com, siddharth.kde(a)gmail.com,
sipoyare(a)redhat.com, thibault(a)north.li
Target Milestone: ---
Classification: Other
In LibRaw, there is an out-of-bounds read vulnerability within the
"LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when
processing srf files.
Upstream issue:
https://github.com/LibRaw/LibRaw/issues/283
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
4:21 p.m.
New subject: [Bug 2122362] CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
Pedro Sampaio <psampaio(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2122363
Fixed In Version| |LibRaw 0.21-Beta1, LibRaw
| |0.20.2, LibRaw 0.20.1,
| |LibRaw 0.20.0, LibRaw
| |0.20-RC2
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
4:28 p.m.
New subject: [Bug 2122362] CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
Pedro Sampaio <psampaio(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Comment|0 |updated
--- Comment #0 has been edited ---
In LibRaw, there is an out-of-bounds read vulnerability within the
"LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when
processing srf files.
Upstream issue:
https://github.com/LibRaw/LibRaw/issues/283
Upstream fix:
https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde6068153...
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
5:56 a.m.
New subject: [Bug 2122362] CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
Debarshi Ray <debarshir(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |needinfo?(psampaio(a)redhat.c
| |om)
--- Comment #1 from Debarshi Ray <debarshir(a)redhat.com> ---
What's the severity of this CVE? Moderate?
For what it's worth, this CVE neither affects the LibRaw package in Fedora (F
= 35 has 0.20.2) nor in RHEL 9 (has 0.20.2).
I didn't check packages that carry other copies of the same code (eg., dcraw).
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
8:55 a.m.
New subject: [Bug 2122362] CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
Pedro Sampaio <psampaio(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(psampaio(a)redhat.c |
|om) |
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
12:55 a.m.
New subject: [Bug 2122362] CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2135618
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
1:30 a.m.
New subject: [Bug 2122362] CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |low
Severity|medium |low
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
3:53 a.m.
New subject: [Bug 2122362] CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
--- Doc Text *updated* by Dhananjay Arunesh <darunesh(a)redhat.com> ---
In LibRaw, there is an out-of-bounds read vulnerability within the
"LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing
srf files.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
7:09 a.m.
New subject: [Bug 2122362] CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
--- Doc Text *updated* by RaTasha Tillery-Smith <rtillery(a)redhat.com> ---
A vulnerability was found in LibRaw. There is an out-of-bounds read within the
"LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing
srf files.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
595
days inactive
655
days old
epel-packagers-sig@lists.fedoraproject.org
8 comments
1 participants
participants (1)
-
bugzilla@redhat.com