{"id":"CVE-2021-32142","details":"Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.","modified":"2026-04-16T04:38:02.234532940Z","published":"2023-02-17T18:15:10.860Z","related":["ALSA-2023:6343","ALSA-2024:2994","SUSE-SU-2023:0510-1","SUSE-SU-2023:0511-1","SUSE-SU-2023:0512-1"],"references":[{"type":"WEB","url":"https://www.libraw.org/"},{"type":"WEB","url":"https://github.com/gtt1995"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5412"},{"type":"REPORT","url":"https://github.com/LibRaw/LibRaw/issues/400"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"last_affected":"2aee1220d5ecdcb8887b11c3d505a900570852c6"},{"fixed":"bc3aaf4223fdb70d52d470dae65c5a7923ea2a49"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.20.0"}]}}],"versions":["0.12.0","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.15.0","0.16.0","0.17.0","0.18.0","0.20-RC2","0.20.0","0.20.1","0.20.2"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"81537286543682610447369285951027231239","length":199},"source":"https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","id":"CVE-2021-32142-31df3fd3","target":{"function":"LibRaw_file_datastream::gets","file":"src/libraw_datastream.cpp"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","target":{"function":"LibRaw_buffer_datastream::gets","file":"src/libraw_datastream.cpp"},"source":"https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","id":"CVE-2021-32142-85652960","digest":{"function_hash":"286491763390684630258264132505426074568","length":559},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"function_hash":"125079287825345516398437667214404768579","length":132},"source":"https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","id":"CVE-2021-32142-d895dd03","target":{"function":"LibRaw_bigfile_datastream::gets","file":"src/libraw_datastream.cpp"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["86824672576354342994279395504079416009","208285136829749272023630488284903698110","246686468344042786203772885753692717520","156655833131235789381585821138325741479","299496342817353293845719362196388617536","97267469384921867083102630172811268428","114025178590675028232523899343171257429","153514794021984729152833380180636400734","277607046158668096422371046479095655182","236492368691662327124583659124535641868","245719843120764539298744244989077674417","284374123599808139061660728445240826041"]},"source":"https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","id":"CVE-2021-32142-e63d56e3","target":{"file":"src/libraw_datastream.cpp"},"deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32142.json","vanir_signatures_modified":"2026-04-11T17:12:31Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}