CVE-2021-32142

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32142
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32142.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32142
Downstream
Related
Published
2023-02-17T18:15:10Z
Modified
2025-10-21T05:50:12.694423Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRawbufferdatastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

References

Affected packages

Git / github.com/libraw/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bc3aaf4223fdb70d52d470dae65c5a7923ea2a49

Affected versions

0.*

0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0
0.20-RC2
0.20.0
0.20.1
0.20.2

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "LibRaw_file_datastream::gets",
            "file": "src/libraw_datastream.cpp"
        },
        "digest": {
            "function_hash": "81537286543682610447369285951027231239",
            "length": 199.0
        },
        "source": "https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49",
        "signature_type": "Function",
        "id": "CVE-2021-32142-31df3fd3"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "LibRaw_buffer_datastream::gets",
            "file": "src/libraw_datastream.cpp"
        },
        "digest": {
            "function_hash": "286491763390684630258264132505426074568",
            "length": 559.0
        },
        "source": "https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49",
        "signature_type": "Function",
        "id": "CVE-2021-32142-85652960"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "LibRaw_bigfile_datastream::gets",
            "file": "src/libraw_datastream.cpp"
        },
        "digest": {
            "function_hash": "125079287825345516398437667214404768579",
            "length": 132.0
        },
        "source": "https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49",
        "signature_type": "Function",
        "id": "CVE-2021-32142-d895dd03"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/libraw_datastream.cpp"
        },
        "digest": {
            "line_hashes": [
                "86824672576354342994279395504079416009",
                "208285136829749272023630488284903698110",
                "246686468344042786203772885753692717520",
                "156655833131235789381585821138325741479",
                "299496342817353293845719362196388617536",
                "97267469384921867083102630172811268428",
                "114025178590675028232523899343171257429",
                "153514794021984729152833380180636400734",
                "277607046158668096422371046479095655182",
                "236492368691662327124583659124535641868",
                "245719843120764539298744244989077674417",
                "284374123599808139061660728445240826041"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49",
        "signature_type": "Line",
        "id": "CVE-2021-32142-e63d56e3"
    }
]