vulnerability
Oracle Linux: CVE-2021-32142: ELSA-2024-0343: LibRaw security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Feb 17, 2023 | Jan 24, 2024 | Jan 7, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 17, 2023
Added
Jan 24, 2024
Modified
Jan 7, 2025
Description
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets() function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash.
A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets() function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash.
Solution(s)
oracle-linux-upgrade-libraworacle-linux-upgrade-libraw-develoracle-linux-upgrade-libraw-static
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.