{"containers": {"cna": {"affected": [{"product": "LibRaw", "vendor": "n/a", "versions": [{"status": "affected", "version": "LibRaw 0.21-Beta1, LibRaw 0.20.2, LibRaw 0.20.1, LibRaw 0.20.0, LibRaw 0.20-RC2"}]}], "descriptions": [{"lang": "en", "value": "In LibRaw, there is a memory corruption vulnerability within the \"crxFreeSubbandData()\" function (libraw\\src\\decoders\\crx.cpp) when processing cr3 files."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T17:54:28", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/LibRaw/LibRaw/issues/279"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-35534", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibRaw", "version": {"version_data": [{"version_value": "LibRaw 0.21-Beta1, LibRaw 0.20.2, LibRaw 0.20.1, LibRaw 0.20.0, LibRaw 0.20-RC2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In LibRaw, there is a memory corruption vulnerability within the \"crxFreeSubbandData()\" function (libraw\\src\\decoders\\crx.cpp) when processing cr3 files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400"}]}]}, "references": {"reference_data": [{"name": "https://github.com/LibRaw/LibRaw/issues/279", "refsource": "MISC", "url": "https://github.com/LibRaw/LibRaw/issues/279"}, {"name": "https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8", "refsource": "MISC", "url": "https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:02:08.125Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/LibRaw/LibRaw/issues/279"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-35534", "datePublished": "2022-09-01T17:54:28", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-04T17:02:08.125Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libraw:libraw:0.20.0:-:*:*:*:*:*:*", "matchCriteriaId": "E00F0C8F-11AC-42B2-8D85-27028B41EBF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.20.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4B8669B-CE7F-47D2-9111-E7787EAD6E7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "8269B02E-558F-4AA5-9EEA-87226A3D1816", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "06DBABB8-8921-4E8B-B9E5-FFE6CCE79EB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libraw:libraw:0.21.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "36C296E2-1899-457B-9EB2-916A33E383C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In LibRaw, there is a memory corruption vulnerability within the \"crxFreeSubbandData()\" function (libraw\\src\\decoders\\crx.cpp) when processing cr3 files."}, {"lang": "es", "value": "En LibRaw, se presenta una vulnerabilidad de corrupci\u00f3n de memoria en la funci\u00f3n \"crxFreeSubbandData()\" (libraw\\src\\decoders\\crx.cpp) cuando son procesados archivos cr3"}], "id": "CVE-2020-35534", "lastModified": "2022-09-07T17:35:56.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T18:15:08.970", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/LibRaw/LibRaw/issues/279"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "LibRaw: Memory corruption in \"crxFreeSubbandData()\" function", "id": "2122360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122360"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["In LibRaw, there is a memory corruption vulnerability within the \"crxFreeSubbandData()\" function (libraw\\src\\decoders\\crx.cpp) when processing cr3 files.", "A vulnerability was found in LibRaw. There is memory corruption within the \"crxFreeSubbandData()\" function (libraw\\src\\decoders\\crx.cpp) when processing cr3 files."], "name": "CVE-2020-35534", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libreoffice:flatpak/libraw1394", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libreoffice:flatpak/libraw1394", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-35534\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35534"], "threat_severity": "Low", "upstream_fix": "LibRaw 0.21-Beta1, LibRaw 0.20.2, LibRaw 0.20.1, LibRaw 0.20.0, LibRaw 0.20-RC2"}