{"id":"CVE-2020-15503","details":"LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.","modified":"2026-04-02T04:10:01.246556Z","published":"2020-07-02T14:15:11.683Z","related":["ALSA-2020:4451","MGASA-2020-0368","SUSE-SU-2020:2028-1","SUSE-SU-2020:2029-1","openSUSE-SU-2020:1088-1","openSUSE-SU-2020:1128-1","openSUSE-SU-2024:10980-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSXAJKZ4VNDYVQULJNY4XDPWHIJDTB4P/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCVKD7PTO7UQAVUTBHJAKBKYLPQQGAMZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y34ALB34P3NGQXLF7BG7R6DGRX6XL2JN/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZETDVPZQWZWVGIG6JTIEKP5KPVMUE7Y/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HM2DS6HA4YZREI3BYGS75M6D76WMW62/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNGDWTO45TU4KGND75EUUEGUMNSOYC7H/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00001.html"},{"type":"ADVISORY","url":"https://www.libraw.org/news/libraw-0-20-rc1"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html"},{"type":"ADVISORY","url":"https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"last_affected":"beeb572687270d49c16734c9ca620982151dbeff"},{"fixed":"20ad21c0d87ca80217aee47533d91e633ce1864d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.19.5"}]}}],"versions":["0.11.0-Release","0.11.1","0.11.2","0.11.3","0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.14.7","0.14.8","0.15.0","0.15.1","0.15.2","0.15.3","0.15.4","0.16.0","0.16.1","0.16.2","0.17.0","0.17.1","0.17.2","0.18.0","0.18.1","0.18.10","0.18.11","0.18.12","0.18.13","0.18.2","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.18.8","0.18.9","0.19.0","0.19.1","0.19.2","0.19.3","0.19.4","0.19.5"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["95504925387959412511911477587878745185","211498614830520016092898085902592191304","258909625175771742828218197375693978553"]},"source":"https://github.com/libraw/libraw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d","deprecated":false,"signature_type":"Line","id":"CVE-2020-15503-4de4e8ed","target":{"file":"src/utils/thumb_utils.cpp"}},{"signature_version":"v1","digest":{"function_hash":"20834980326322708084884246758929434607","length":5265},"source":"https://github.com/libraw/libraw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d","deprecated":false,"signature_type":"Function","id":"CVE-2020-15503-b47b1d85","target":{"function":"LibRaw::kodak_thumb_loader","file":"src/utils/thumb_utils.cpp"}},{"signature_version":"v1","digest":{"function_hash":"60925816791984355313585374140980915893","length":1869},"source":"https://github.com/libraw/libraw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d","deprecated":false,"signature_type":"Function","id":"CVE-2020-15503-bab2ecca","target":{"function":"LibRaw::dcraw_make_mem_thumb","file":"src/postprocessing/mem_image.cpp"}},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["59779410903218153793678754994680767601","132752582361061888394256996303006118673","185045691167740575729910415964833655416","161049959832819816644170497010757592682","260007268614515162766175710996963767171","255532408959626893688328621463383668856","293793618887016688055475224622010045250","237163547497289955783163831819047220253","53946906021982039869438027886283012302","159623424722262447118890624610300865183","24074827839660080180766803516914248259","193770801203564601580014460272938621217","279776459699944493687719371011149108112","106535962320044590641199677616499872207","283450966731452391535050062147183429866","94649701061232974678424622551508588263","211509070784551980709998278180183119961","283511725562753475212592465244817300621","80668828536364397405743644776123983152","237567926824714123645467842340474684318","285312419739008761685997607143246357862","258224793432605195806530931128263774249","65443162971290850839897068754309996559","148315636905740143535486119577249766951","181202847632146431652953263163741802944","106211129585307599656075310087927609507","195072596634072040877784318058145114722","306099842656121619297437396043320744575","239128415640668498542060449212822440966","25636571237006944437910063657224247718","78239118379284603983132881493921935450","47533961952800260579564617492129636545"]},"source":"https://github.com/libraw/libraw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d","deprecated":false,"signature_type":"Line","id":"CVE-2020-15503-bd149f8b","target":{"file":"src/decoders/unpack_thumb.cpp"}},{"signature_version":"v1","digest":{"function_hash":"51726212998995411333273680451998935224","length":7684},"source":"https://github.com/libraw/libraw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d","deprecated":false,"signature_type":"Function","id":"CVE-2020-15503-ccd49802","target":{"function":"LibRaw::unpack_thumb","file":"src/decoders/unpack_thumb.cpp"}},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["187981261985522913612295356341902997356","316324685096684762484593438217362973867","42418153475302119724450462163414037082"]},"source":"https://github.com/libraw/libraw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d","deprecated":false,"signature_type":"Line","id":"CVE-2020-15503-ddbaed06","target":{"file":"src/postprocessing/mem_image.cpp"}},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["249569001442104715920048703562899778"]},"source":"https://github.com/libraw/libraw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d","deprecated":false,"signature_type":"Line","id":"CVE-2020-15503-ddf53db8","target":{"file":"libraw/libraw_const.h"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.20-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.20-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.20-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15503.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}