CVE-2020-24890

Name of the Vulnerable Software and Affected Versions libraw version 20.0

Description The issue is related to a null pointer dereference vulnerability in the parse tiff ifd function located in src/metadata/tiff.cpp. This vulnerability may result in context-dependent arbitrary code execution, but it only occurs if the software is compiled in a specific way.

Recommendations For libraw version 20.0, as a temporary workaround, consider avoiding compilation configurations that trigger this vulnerability until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.