CVE-2020-35535

2022-09-0118:15:09

Alpine Linux Development Team

security.alpinelinux.org

libraw

out-of-bounds read

parsesonysrf

srf files

vulnerability

sony.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

In LibRaw, there is an out-of-bounds read vulnerability within the “LibRaw::parseSonySRF()” function (libraw\src\metadata\sony.cpp) when processing srf files.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchlibraw< 0.20.0-r0UNKNOWN
Alpine3.17-communitynoarchlibraw< 0.20.0-r0UNKNOWN
Alpine3.18-communitynoarchlibraw< 0.20.0-r0UNKNOWN
Alpine3.19-communitynoarchlibraw< 0.20.0-r0UNKNOWN
Alpine3.20-communitynoarchlibraw< 0.20.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	libraw	< 0.20.0-r0	UNKNOWN
Alpine	3.17-community	noarch	libraw	< 0.20.0-r0	UNKNOWN
Alpine	3.18-community	noarch	libraw	< 0.20.0-r0	UNKNOWN
Alpine	3.19-community	noarch	libraw	< 0.20.0-r0	UNKNOWN
Alpine	3.20-community	noarch	libraw	< 0.20.0-r0	UNKNOWN