CVE-2020-15503: user/libraw: lack of size range check for thumbnails
| Bugzilla ID | 332 |
| Alias(es) | CVE-2020-15503 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-10 16:29:46 -0500 |
| Modified | 2020-09-22 23:16:38 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libraw |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-15503 |
Description
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This
affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and
utils/thumb_utils.cpp. For example,
malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
validating T.tlength.
Upstream patch https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
RedHat backport https://bugzilla.redhat.com/attachment.cgi?id=1699874&action=diff