Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the LibRaw-0.20.2-6.el9 build changelog.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0343 advisory.

  - LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp     (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0343 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0343 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6343 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6343 advisory.

  - LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp     (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of LibRaw installed on the remote host is prior to 0.20.2 / 0.21.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-295-01 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

  - A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file     may lead to an application crash. (CVE-2023-1729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2256 advisory.

  - Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
    (CVE-2020-22628)

  - In LibRaw, there is an out-of-bounds write vulnerability within the new_node() function     (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. (CVE-2020-35530)

  - In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function     (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. (CVE-2020-35531)

  - In LibRaw, an out-of-bounds read vulnerability exists within the simple_decode_row() function     (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
    (CVE-2020-35532)

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6137-1 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

  - A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file     may lead to an application crash. (CVE-2023-1729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5412 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

  - A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file     may lead to an application crash. (CVE-2023-1729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3433 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

  - A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file     may lead to an application crash. (CVE-2023-1729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-be842ba7fb advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-220878f1bf advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0510-1 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0511-1 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0512-1 advisory.

  - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the     LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191395	CentOS 9 : LibRaw-0.20.2-6.el9	Nessus	CentOS Local Security Checks	high
189526	RHEL 7 : LibRaw (RHSA-2024:0343)	Nessus	Red Hat Local Security Checks	high
189511	CentOS 7 : LibRaw (RHSA-2024:0343)	Nessus	CentOS Local Security Checks	high
189379	Oracle Linux 7 : LibRaw (ELSA-2024-0343)	Nessus	Oracle Linux Local Security Checks	high
185851	Oracle Linux 9 : LibRaw (ELSA-2023-6343)	Nessus	Oracle Linux Local Security Checks	high
185124	RHEL 9 : LibRaw (RHSA-2023:6343)	Nessus	Red Hat Local Security Checks	high
183677	Slackware Linux 15.0 / current LibRaw Multiple Vulnerabilities (SSA:2023-295-01)	Nessus	Slackware Local Security Checks	high
181711	Amazon Linux 2 : LibRaw (ALAS-2023-2256)	Nessus	Amazon Linux Local Security Checks	high
176715	Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : LibRaw vulnerabilities (USN-6137-1)	Nessus	Ubuntu Local Security Checks	high
176436	Debian DSA-5412-1 : libraw - security update	Nessus	Debian Local Security Checks	high
176433	Debian DLA-3433-1 : libraw - LTS security update	Nessus	Debian Local Security Checks	high
172625	Fedora 37 : mingw-LibRaw (2023-be842ba7fb)	Nessus	Fedora Local Security Checks	high
172620	Fedora 36 : mingw-LibRaw (2023-220878f1bf)	Nessus	Fedora Local Security Checks	high
171915	SUSE SLED12 / SLES12 Security Update : libraw (SUSE-SU-2023:0510-1)	Nessus	SuSE Local Security Checks	high
171914	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libraw (SUSE-SU-2023:0511-1)	Nessus	SuSE Local Security Checks	high
171910	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libraw (SUSE-SU-2023:0512-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2021-32142

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high