Package | libraw |
---|---|
Version | 0.16.0-9+deb8u6 (jessie) |
Related CVEs | CVE-2020-15503 |
This update adds thumbnail size checks to avoid out-of-bounds memory accesses.
CVE-2020-15503
LibRaw lacks a thumbnail size range check. This affects
decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and
utils/thumb_utils.cpp. For example,
malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
validating T.tlength.
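The kind of range check the advisory describes, as an added example (not LibRaw's code or the Debian patch): `thumb_image_t`, `make_thumb` and the two size limits are hypothetical names and values, and the raw file is modelled as an in-memory buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits for this example; not values taken from LibRaw. */
#define THUMB_MIN_BYTES 16u
#define THUMB_MAX_BYTES (64u * 1024u * 1024u)

/* Simplified stand-in for libraw_processed_image_t: header + payload. */
typedef struct {
    uint32_t data_size;
    unsigned char data[1];
} thumb_image_t;

enum thumb_status { THUMB_OK = 0, THUMB_BAD_SIZE, THUMB_TRUNCATED, THUMB_NOMEM };

/* Copy a thumbnail of tlength bytes found at toffset inside a file buffer
 * of file_len bytes. tlength and toffset come from untrusted metadata. */
enum thumb_status make_thumb(const unsigned char *file, size_t file_len,
                             uint32_t toffset, uint32_t tlength,
                             thumb_image_t **out)
{
    *out = NULL;
    /* Range check first: rejects 0, tiny and absurdly large lengths, and
     * keeps sizeof(header) + tlength far away from size_t wrap-around. */
    if (tlength < THUMB_MIN_BYTES || tlength > THUMB_MAX_BYTES)
        return THUMB_BAD_SIZE;
    /* The claimed range must lie inside the data we actually have.
     * Written as a subtraction so the comparison itself cannot overflow. */
    if (toffset > file_len || tlength > file_len - toffset)
        return THUMB_TRUNCATED;
    thumb_image_t *img = malloc(sizeof(*img) + tlength);
    if (img == NULL)
        return THUMB_NOMEM;
    img->data_size = tlength;
    memcpy(img->data, file + toffset, tlength);
    *out = img;
    return THUMB_OK;
}

int main(void)
{
    unsigned char file[256] = {0};   /* constructed sample "file" */
    thumb_image_t *t = NULL;
    int ok = make_thumb(file, sizeof file, 32, 64, &t) == THUMB_OK;
    free(t);
    int refused = make_thumb(file, sizeof file, 32, 4096, &t) == THUMB_TRUNCATED;
    return (ok && refused) ? 0 : 1;
}
```
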
For Debian 8 jessie, these problems have been fixed in version 0.16.0-9+deb8u6.
We recommend that you upgrade your libraw packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.