Lxumeio

#19730 of 53,639
13.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2020-15849
7.8
2020-09-16
Libraw · Libraw · CVE-2020-24889
**Name of the Vulnerable Software and Affected Versions**
LibRaw versions prior to 20.0

**Description**
A buffer overflow issue in the `GetNormalizedModel` function within `src/metadata/normalize_model.cpp` may lead to arbitrary code execution, depending on the context.

**Recommendations**
For versions prior to 20.0, update to version 20.0 or later to resolve the issue.
PT-2020-15850
5.5
2020-09-16
Libraw · Libraw · CVE-2020-24890
**Name of the Vulnerable Software and Affected Versions**
LibRaw version 20.0

**Description**
The issue is related to a null pointer dereference vulnerability in the `parse_tiff_ifd` function located in `src/metadata/tiff.cpp`. This vulnerability may result in context-dependent arbitrary code execution, but it only occurs if the software is compiled in a specific way.

**Recommendations**
For LibRaw version 20.0, as a temporary workaround, consider avoiding compilation configurations that trigger this vulnerability until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.