CVE-2020-35534

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-35534
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35534.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35534
Downstream
Published
2022-09-01T18:15:08.970Z
Modified
2025-11-20T11:27:14.966426Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

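In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. The CVSS vector above (AV:L, UI:R, C:N/I:N/A:H) rates this as an availability-only issue that requires a user to open the file, so applications that pass untrusted CR3 images to LibRaw should treat the CR3 decoder as reachable by untrusted input.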

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
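Fixed
(no fixed commit is listed in this record; the vanir_signatures entries below cite commit e41f331e90b383e3208cefb74e006df44bf3a4b8 as their source)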

Affected versions

0.*

0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 2598.0,
            "function_hash": "304067255593464391204559877591262638598"
        },
        "id": "CVE-2020-35534-1183f3c9",
        "signature_type": "Function",
        "source": "https://github.com/libraw/libraw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8",
        "target": {
            "file": "src/decoders/crx.cpp",
            "function": "crxSetupImageData"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "207025629213826478782711585089619196405",
                "46210917819055421652970923090102933061",
                "254433997921358066226404156423441657228",
                "121994386768069482291492441094111723288",
                "275102079883325482336975478637768809603",
                "36697794633138683032327397447644895477",
                "277118339117857684842982490009750716174",
                "65645581251733642688664186356693583341",
                "316087894895111894776509001086326422840",
                "155094797138262158715011722943372759673",
                "241262019974755519109528584818696405645",
                "309469925143102725706567095418553205056",
                "191222143218349248901340106387999577863",
                "143694028460128255448081530377835469060",
                "247622824270986836224606442603853476353",
                "257006018023871358033745708324339880172",
                "37068116164476279639823274019009488451",
                "170953799371358395856627254918595508694",
                "220827291551333629307864972198252591063",
                "69979822832814378085247771266647826075",
                "300944257647597002788893234091997179491",
                "264667890937460988249141476038684755051",
                "161730718990226723066611946387200200736",
                "308098668655048793114324289161890508271",
                "99535194873368442031758877532105173779",
                "279971681981612285731267832377856569851",
                "179823677049461061814453275736592047835",
                "3722994086539316139008653408455388370",
                "238339770923636238062750539650299150893",
                "279574953964691476299066488056085901984",
                "219297394625546144797780784734683941176",
                "92297341031626493260490847218284817970",
                "130003116614256576847249031700490520883",
                "74071469155823240007765569727079761576",
                "129568879526085123979665197806059272639",
                "340058611344724610711778372090807272294",
                "279624443580856459789975734621925894814",
                "120319890168423194387580495270527790724",
                "87497126820268909636269769173084844130",
                "266241160173850832154973810057645275031",
                "308721921421513706366758030383134252262",
                "161770792435430140389162847295878330703",
                "214945933418850996100457723086524168082"
            ]
        },
        "id": "CVE-2020-35534-358dbf6f",
        "signature_type": "Line",
        "source": "https://github.com/libraw/libraw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8",
        "target": {
            "file": "src/decoders/crx.cpp"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 477.0,
            "function_hash": "86253214918197525464279454160269446819"
        },
        "id": "CVE-2020-35534-459c908e",
        "signature_type": "Function",
        "source": "https://github.com/libraw/libraw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8",
        "target": {
            "file": "src/decoders/crx.cpp",
            "function": "crxFreeImageData"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 3296.0,
            "function_hash": "115870271723420634714950939325653787158"
        },
        "id": "CVE-2020-35534-54444d4f",
        "signature_type": "Function",
        "source": "https://github.com/libraw/libraw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8",
        "target": {
            "file": "src/decoders/crx.cpp",
            "function": "crxReadImageHeaders"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "257565646438463229760550925027380287191",
                "129219754118494595211010221887387401221",
                "106762490404665023299031489473230734750"
            ]
        },
        "id": "CVE-2020-35534-ae664cc9",
        "signature_type": "Line",
        "source": "https://github.com/libraw/libraw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8",
        "target": {
            "file": "libraw/libraw_const.h"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1053.0,
            "function_hash": "324504935333696376085606239220186075503"
        },
        "id": "CVE-2020-35534-d16f5509",
        "signature_type": "Function",
        "source": "https://github.com/libraw/libraw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8",
        "target": {
            "file": "src/decoders/crx.cpp",
            "function": "crxParamInit"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 2804.0,
            "function_hash": "230160589078258416786847250213180826865"
        },
        "id": "CVE-2020-35534-d1f4918e",
        "signature_type": "Function",
        "source": "https://github.com/libraw/libraw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8",
        "target": {
            "file": "src/decoders/crx.cpp",
            "function": "crxSetupSubbandData"
        }
    }
]