In LibRaw, there is a memory corruption vulnerability within the “crxFreeSubbandData()” function (libraw\src\decoders\crx.cpp) when processing cr3 files.
[
{
"product": "LibRaw",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "LibRaw 0.21-Beta1, LibRaw 0.20.2, LibRaw 0.20.1, LibRaw 0.20.0, LibRaw 0.20-RC2"
}
]
}
]