LibRaw has an out-of-bounds read vulnerability in the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) that occurs when processing SRF files.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "0.20.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "0.20.1"
},
{
"introduced": "0"
},
{
"last_affected": "0.20.2"
}
]
}
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35535.json"
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.20.0-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.21.0-beta1"
}
]
}
]
[
{
"signature_type": "Line",
"target": {
"file": "src/metadata/sony.cpp"
},
"source": "https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81",
"signature_version": "v1",
"id": "CVE-2020-35535-10b2a2a5",
"digest": {
"line_hashes": [
"316649154521154265745370842671483245730",
"46052661576219292872557671107555330998",
"173851526752824635388924165099141683251",
"196769683903570661941151779568967305976",
"99094482000882616887676601240643145773",
"41815141875130937553340082989746287353",
"151208889879429536610900919417466238703",
"66851803985202017028181686683431481095",
"254503801112876348429478987905860514643",
"56197621776429877809978005276839258813",
"145053387336975255450009327239251641678",
"252080806012173373960804766179021620215",
"37334134465639751245591928924748561726",
"274945684524724072611129202985683763142",
"42660072194536593663544740062411066128",
"319797906161590061649899690643439225361",
"53042025517450275660081557263880935261",
"251998534208401179125283711359653023443",
"329164260646271292658779488603635114291",
"4514349758503672324808189565697900497",
"276953912327184160064571410386526236080",
"71027313906189056939296465472340833009",
"282984467181258294626380802218929845187",
"326009577854159913712869642042307548473",
"101977803710442791054043509426715366221",
"83803966047180311966728131300623593245",
"340244727769302136078076274922184943289",
"213884940653998016033633234078397518822",
"309467969980818874114962873944629241058",
"95408857200109053151294896765164362939",
"61475237784360663184305707459540277087",
"37656735866936651163580875994491990603",
"255202831789107321331115261020284796190",
"90732817309926387964175813493364890889",
"57661758461393019607139327251088616890",
"87996951190480407033882620334938625564",
"214240076647537385562524328639009604339",
"178820106047217187799879906772742313115",
"19791867730315990759172333882556992775",
"126914549517833815883673643665004394771",
"151373155570684929160952816974725659852",
"660788627461548715776271839036210662",
"246123869556705195528213203956323195574",
"317363096546185437175923233401032246333",
"220082866893440308371226021730130579977",
"154283626414383079011918026303900852673",
"234442245596831514823829269078373156828",
"83830807024276180881755028461020797635",
"172371806015643346194504519375554713927",
"48886623852267927916326318705378007769",
"219327810090208485258804122627829850596",
"310111242252683101206143686548166567842",
"166371791870311546007047462024774462009",
"187037217257734110238050413695734154825",
"135343167348669828903169574994314946617",
"180862797203469424275736188879388859643",
"197550583508215095027795225720012666772",
"324415353024708912240052038141816479318",
"104307975438036801054099356311375980685",
"269966244718110745941562467331383074271",
"245122851665487316705046865649199301740",
"162780501833354888078546347941532226584",
"19495562899828367043128949258691813630",
"165242024130268600537097728760805635910",
"104234364971346619258022949239067390088",
"48332622226345711699154714880663216604",
"335704585402769398794738013309846189156",
"34684080726088044730250046436112653849",
"149411789027242098039508738038226349341",
"157489640915516552573132225078870423654",
"276777016703798063557465469372435712386",
"326994671312149092196912008095073154031",
"302058406674348548228671855450434858793",
"263877132801500374608531338492683586032",
"108587633537507210242609878158511307392",
"108587633537507210242609878158511307392",
"87374255849661096955147283990421243903",
"200018920390026010187262818830822452083",
"211208014924509746198486287980029249234",
"4434966343203394026554147462598578898",
"190496518971077527543254646561348450076",
"38092980896467188567046279985605798897",
"8722419110510572662066101352894870336",
"113110028033537179117534661902490241788",
"47810524310690883918816444481679355693",
"19368351790609190001396192824809507160",
"273459090778645643394758136497897364985",
"189557052929668182334885539843497503653",
"241591983626504435822093474381427299054",
"200998678365403977757950505197106600583",
"23374726291490454207132526043931055032",
"300052245752865189134158924507824476585",
"317386681760824873469319947095193588062",
"271517567503125763674819742364172711109",
"338295806657554816469867308296242816885",
"55830581631634625741236567313047010184",
"57535906938289946191639668093536971945",
"68729814482366585393368248560424150703",
"219926923502918138769429468954083979662",
"333956041535528773487966603284392293183",
"29405079780120819790348524546902543236",
"39389128892255574088950398062611998314",
"239825601200775327031474528877788174675",
"167043146693298126061514505958617457186",
"247099358747931945037431489150945823700",
"204546219330068226175315459197794144163",
"113677640955019150888109755735677673924",
"183621375590788407377910055629293819672",
"259551223267396262094537903215403153166",
"17390960073133957664162122567197553933",
"12609618981181033468800764398073803856",
"320349939086085918108591888073733668081",
"65524964548398313603688485331312277583",
"129954042094695102369950954182751957269",
"143508086616683471115071605324633612574",
"258022394088577106283795330596546876565",
"93728355049263162954061760251971707874",
"217757434896733779703441820993131721611",
"195304856574148835469825061821872353112",
"57257392547751187524916959267593665849",
"217095406291626438399461037827509695166"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"target": {
"function": "LibRaw::parseSonySRF",
"file": "src/metadata/sony.cpp"
},
"source": "https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81",
"signature_version": "v1",
"id": "CVE-2020-35535-4babbd97",
"digest": {
"function_hash": "332817766350570600695621536726892071554",
"length": 3131.0
},
"deprecated": false
},
{
"signature_type": "Function",
"target": {
"function": "LibRaw::parseSonySR2",
"file": "src/metadata/sony.cpp"
},
"source": "https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81",
"signature_version": "v1",
"id": "CVE-2020-35535-77ecd092",
"digest": {
"function_hash": "37495140435446563446574136542006398379",
"length": 3639.0
},
"deprecated": false
}
]