{"id":"CVE-2020-35535","details":"In LibRaw, there is an out-of-bounds read vulnerability within the \"LibRaw::parseSonySRF()\" function (libraw\\src\\metadata\\sony.cpp) when processing srf files.","modified":"2026-04-11T13:53:08.509563Z","published":"2022-09-01T18:15:09.027Z","references":[{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/issues/283"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"last_affected":"2aee1220d5ecdcb8887b11c3d505a900570852c6"},{"introduced":"0"},{"last_affected":"95d5f1616d7df552fba853ea91ff1d6fc00feb6c"},{"introduced":"0"},{"last_affected":"0209b6a2caec189e6d1a9b21c10e9e49f46e5a92"},{"fixed":"c243f4539233053466c1309bde606815351bee81"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.20.0-NA"},{"introduced":"0"},{"last_affected":"0.20.1"},{"introduced":"0"},{"last_affected":"0.20.2"}]}}],"versions":["0.12.0","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.15.0","0.16.0","0.17.0","0.18.0","0.20-RC2","0.20.0","0.20.1","0.20.2"],"database_specific":{"vanir_signatures_modified":"2026-04-11T13:53:08Z","vanir_signatures":[{"signature_version":"v1","id":"CVE-2020-35535-10b2a2a5","source":"https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81","digest":{"threshold":0.9,"line_hashes":["316649154521154265745370842671483245730","46052661576219292872557671107555330998","173851526752824635388924165099141683251","196769683903570661941151779568967305976","99094482000882616887676601240643145773","41815141875130937553340082989746287353","151208889879429536610900919417466238703","66851803985202017028181686683431481095","254503801112876348429478987905860514643","56197621776429877809978005276839258813","145053387336975255450009327239251641678","252080806012173373960804766179021620215","37334134465639751245591928924748561726","274945684524724072611129202985683763142","42660072194536593663544740062411066128","319797906161590061649899690643439225361","53042025517450275660081557263880935261","251998534208401179125283711359653023443","329164260646271292658779488603635114291","4514349758503672324808189565697900497","276953912327184160064571410386526236080","71027313906189056939296465472340833009","282984467181258294626380802218929845187","326009577854159913712869642042307548473","101977803710442791054043509426715366221","83803966047180311966728131300623593245","340244727769302136078076274922184943289","213884940653998016033633234078397518822","309467969980818874114962873944629241058","95408857200109053151294896765164362939","61475237784360663184305707459540277087","37656735866936651163580875994491990603","255202831789107321331115261020284796190","90732817309926387964175813493364890889","57661758461393019607139327251088616890","87996951190480407033882620334938625564","214240076647537385562524328639009604339","178820106047217187799879906772742313115","19791867730315990759172333882556992775","126914549517833815883673643665004394771","151373155570684929160952816974725659852","660788627461548715776271839036210662","246123869556705195528213203956323195574","317363096546185437175923233401032246333","220082866893440308371226021730130579977","154283626414383079011918026303900852673","234442245596831514823829269078373156828","83830807024276180881755028461020797635","172371806015643346194504519375554713927","48886623852267927916326318705378007769","219327810090208485258804122627829850596","310111242252683101206143686548166567842","166371791870311546007047462024774462009","187037217257734110238050413695734154825","135343167348669828903169574994314946617","180862797203469424275736188879388859643","197550583508215095027795225720012666772","324415353024708912240052038141816479318","104307975438036801054099356311375980685","269966244718110745941562467331383074271","245122851665487316705046865649199301740","162780501833354888078546347941532226584","19495562899828367043128949258691813630","165242024130268600537097728760805635910","104234364971346619258022949239067390088","48332622226345711699154714880663216604","335704585402769398794738013309846189156","34684080726088044730250046436112653849","149411789027242098039508738038226349341","157489640915516552573132225078870423654","276777016703798063557465469372435712386","326994671312149092196912008095073154031","302058406674348548228671855450434858793","263877132801500374608531338492683586032","108587633537507210242609878158511307392","108587633537507210242609878158511307392","87374255849661096955147283990421243903","200018920390026010187262818830822452083","211208014924509746198486287980029249234","4434966343203394026554147462598578898","190496518971077527543254646561348450076","38092980896467188567046279985605798897","8722419110510572662066101352894870336","113110028033537179117534661902490241788","47810524310690883918816444481679355693","19368351790609190001396192824809507160","273459090778645643394758136497897364985","189557052929668182334885539843497503653","241591983626504435822093474381427299054","200998678365403977757950505197106600583","23374726291490454207132526043931055032","300052245752865189134158924507824476585","317386681760824873469319947095193588062","271517567503125763674819742364172711109","338295806657554816469867308296242816885","55830581631634625741236567313047010184","57535906938289946191639668093536971945","68729814482366585393368248560424150703","219926923502918138769429468954083979662","333956041535528773487966603284392293183","29405079780120819790348524546902543236","39389128892255574088950398062611998314","239825601200775327031474528877788174675","167043146693298126061514505958617457186","247099358747931945037431489150945823700","204546219330068226175315459197794144163","113677640955019150888109755735677673924","183621375590788407377910055629293819672","259551223267396262094537903215403153166","17390960073133957664162122567197553933","12609618981181033468800764398073803856","320349939086085918108591888073733668081","65524964548398313603688485331312277583","129954042094695102369950954182751957269","143508086616683471115071605324633612574","258022394088577106283795330596546876565","93728355049263162954061760251971707874","217757434896733779703441820993131721611","195304856574148835469825061821872353112","57257392547751187524916959267593665849","217095406291626438399461037827509695166"]},"signature_type":"Line","deprecated":false,"target":{"file":"src/metadata/sony.cpp"}},{"signature_version":"v1","id":"CVE-2020-35535-4babbd97","source":"https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81","digest":{"function_hash":"332817766350570600695621536726892071554","length":3131},"signature_type":"Function","deprecated":false,"target":{"file":"src/metadata/sony.cpp","function":"LibRaw::parseSonySRF"}},{"signature_version":"v1","id":"CVE-2020-35535-77ecd092","source":"https://github.com/libraw/libraw/commit/c243f4539233053466c1309bde606815351bee81","digest":{"function_hash":"37495140435446563446574136542006398379","length":3639},"signature_type":"Function","deprecated":false,"target":{"file":"src/metadata/sony.cpp","function":"LibRaw::parseSonySR2"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35535.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.20.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.21.0-beta1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}