CVE-2020-24890

EUVD-2020-17598
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.5 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |

EPSS Score Percentile: 63%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| libraw | libraw | 0.20.0 |

Debian Releases

| Debian Product | Codename | Status |
|---|---|---|
| libraw | bookworm | unimportant |
| libraw | bullseye | unimportant |
| libraw | bullseye (security) | unimportant |
| libraw | sid | unimportant |
| libraw | trixie | unimportant |

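Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| darktable | bionic | not-affected |
| darktable | focal | not-affected |
| darktable | trusty | dne |
| darktable | xenial | not-affected |
| dcraw | bionic | not-affected |
| dcraw | focal | not-affected |
| dcraw | trusty | dne |
| dcraw | xenial | not-affected |
| exactimage | bionic | not-affected |
| exactimage | focal | not-affected |
| exactimage | trusty | dne |
| exactimage | xenial | not-affected |
| kodi | bionic | not-affected |
| kodi | focal | not-affected |
| kodi | trusty | dne |
| kodi | xenial | not-affected |
| libraw | bionic | not-affected |
| libraw | focal | not-affected |
| libraw | trusty | dne |
| libraw | xenial | not-affected |
| rawtherapee | bionic | not-affected |
| rawtherapee | focal | not-affected |
| rawtherapee | trusty | dne |
| rawtherapee | xenial | not-affected |
| ufraw | bionic | not-affected |
| ufraw | focal | dne |
| ufraw | trusty | dne |
| ufraw | xenial | not-affected |
| xbmc | bionic | dne |
| xbmc | focal | dne |
| xbmc | trusty | dne |
| xbmc | xenial | dne |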