CVE-2020-24870

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-24870
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24870.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24870
Published
2021-06-02T16:15:08Z
Modified
2025-10-21T05:47:35.175048Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0
0.20-RC2
0.20.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2020-24870-31872964",
        "source": "https://github.com/libraw/libraw/commit/4feaed4dea636cee4fee010f615881ccf76a096d",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/metadata/identify.cpp"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "id": "CVE-2020-24870-3f6d4e07",
        "source": "https://github.com/libraw/libraw/commit/4feaed4dea636cee4fee010f615881ccf76a096d",
        "signature_version": "v1",
        "digest": {
            "length": 10660.0,
            "function_hash": "94799694404746039246306392899922980268"
        },
        "target": {
            "function": "LibRaw::identify_process_dng_fields",
            "file": "src/metadata/identify.cpp"
        },
        "signature_type": "Function",
        "deprecated": false
    }
]