CVE-2020-35530 In LibRaw, there is an out-of-bounds write vulnerability in the 'new_node()' function in X3F files that can be triggered.

If a user were to open a malicious X3F file on a LibRaw processing server, it would be possible to execute arbitrary code as the X3F processing server user.

LibRaw 1.0.0, released on April 17th, 2018 is vulnerable to an out-of-bounds write vulnerability.

Overview: Out-of-Bounds write to file input stream

An out-of-bounds write vulnerability exists in LibRaw 1.0.0 and earlier, where the X3F processing server's file input stream can be manipulated to write outside of a buffer allocated for the input stream. An attacker could utilize this vulnerability to execute arbitrary code as the X3F processing server user.

Affected Packages:

LibRaw 1.0.0
Affected Packages: LibRaw 1.0.0
CVE-2020-35530

Details of the Vulnerability

This vulnerability has been assigned CVE-2020-35530. If a user were to open a malicious X3F file on a LibRaw processing server, it would be possible to execute arbitrary code as the X3F processing server user. The malicious file can be created by a user or by an untrusted source.

Vulnerability overview

LibRaw is a library for reading RAW files from cameras. It implements decoding and encoding functions, as well as a number of other functions. On some platforms, the current version of LibRaw is vulnerable to a out-of-bounds write vulnerability due to improper input validation.
In case X3F files are opened on a LibRaw processing server, the file owner could create arbitrary code with system privileges and execute it on the server. This could lead to remote code execution.
Affected software versions:
LibRaw 1.0.0 (April 17th, 2018)

Implications of an Out-of-Bounds Write Vulnerability

An out-of-bounds write vulnerability is a type of buffer overflow that occurs when an application writes data to memory that extends beyond the end of its allocated space. This can allow for the execution of arbitrary code as the user running the application. If a malicious user were to open a malicious X3F file on a LibRaw processing server, it would be possible for them to execute arbitrary code as the X3F processing server user. An attacker could then use this arbitrary code to do anything they want with full control over that server.

Timeline

Published on: 09/01/2022 18:15:00 UTC
Last modified on: 09/29/2022 16:33:00 UTC

References

• https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb
• https://github.com/LibRaw/LibRaw/issues/272
• https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35530