PT-2021-7867 · Libraw+8 · Gtt1995 · Published 2021-04-12 · Updated 2025-02-13 · CVE-2021-32142

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: LibRaw version 0.20.0

Description: The issue is a buffer overflow in the LibRaw_buffer_datastream::gets function, located in the libraw_datastream.cpp component of the LibRaw image processing library. This allows an attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file. The vulnerability can be exploited to escalate privileges.

Recommendations: For LibRaw version 0.20.0, consider disabling the LibRaw_buffer_datastream::gets function as a temporary workaround until a patch is available. Restrict access to the libraw_datastream.cpp component to minimize the risk of exploitation. Avoid using the gets function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:6343
ALSA-2024:2994
AZL-43756
AZL-45267
BDU:2023-03833
CESA-2024_0343
CESA-2024_2994
CVE-2021-32142
DLA-3433-1
DSA-5412-1
INFSA-2024_2994
MGASA-2023-0082
OESA-2024-1339
OESA-2024-1446
OESA-2024-1447
OESA-2024-1448
OESA-2024-1449
OESA-2024-1450
RHSA-2023:6343
RHSA-2023_6343
RHSA-2024:0343
RHSA-2024:2994
RHSA-2024_0343
RHSA-2024_2994
RLSA-2024:2994
ROSA-SA-2024-2350
SUSE-SU-2023:0510-1
SUSE-SU-2023:0511-1
SUSE-SU-2023:0512-1
SUSE-SU-2023_0510-1
SUSE-SU-2023_0512-1
USN-6137-1
USN-7266-1

Affected Products

Almalinux
Astra Linux
Centos
Libraw
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu