Skip to main content

Libraw CVE-2020-24889

HIGH
Classic Buffer Overflow (CWE-120)
2020-09-16 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 16, 2020 - 15:15 nvd
HIGH 7.8

DescriptionNVD

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

AnalysisAI

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. Affected products include: Libraw.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

More in Libraw

View all
CVE-2018-20337 HIGH POC
8.8 Dec 21

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Rated high

CVE-2013-2126 HIGH POC
7.5 Aug 14

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow cont

CVE-2013-2127 HIGH POC
7.5 Aug 14

Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a de

CVE-2023-1729 MEDIUM POC
6.5 May 15

A flaw was found in LibRaw. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenticat

CVE-2020-15365 MEDIUM POC
6.5 Jun 28

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomNam

CVE-2018-20365 MEDIUM POC
6.5 Dec 22

LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerabi

CVE-2018-20364 MEDIUM POC
6.5 Dec 22

LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. Rated medium severity (CVSS 6.5),

CVE-2018-20363 MEDIUM POC
6.5 Dec 22

LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. Rated medium severity (CVSS 6.5), t

CVE-2017-14265 CRITICAL
9.8 Sep 11

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3.

CVE-2017-6886 CRITICAL
9.8 May 16

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be expl

CVE-2026-20911 CRITICAL
9.8 Apr 07

Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve ar

CVE-2026-21413 CRITICAL
9.8 Apr 07

Heap-based buffer overflow in LibRaw's lossless JPEG processing (commits 0b56545 and d20315b) allows unauthenticated rem

Share

CVE-2020-24889 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy