CVE-2021-32142: Buffer Overflow
First published: Fri Feb 17 2023(Updated: )
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libraw Libraw | =0.20.0 | |
| debian/libraw | <=0.19.2-2 | 0.19.2-2+deb10u4 0.20.2-1+deb11u1 0.20.2-2.1 0.21.1-7 |
| debian/libraw | <=0.20.2-1<=0.20.2-2 | 0.21.1-1 0.20.2-2.1 0.20.2-1+deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
- https://github.com/LibRaw/LibRaw/issues/400
- https://github.com/gtt1995
- https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/
- https://www.debian.org/security/2023/dsa-5412
- https://www.libraw.org/
- https://security-tracker.debian.org/tracker/CVE-2021-32142
- https://www.cve.org/CVERecord?id=CVE-2021-32142
- https://security-tracker.debian.org/tracker/CVE-2023-1729
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031790
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2172133
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2172134
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2172135
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2172136
- https://github.com/LibRaw/LibRaw/pull/611
- https://access.redhat.com/errata/RHSA-2023:6343
- https://access.redhat.com/errata/RHSA-2024:0343
- https://access.redhat.com/errata/RHSA-2024:2994
- https://bugzilla.redhat.com/show_bug.cgi?id=2172004
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-32142.
What is the severity rating of CVE-2021-32142?
The severity rating of CVE-2021-32142 is 7.8 (High).
What is the description of CVE-2021-32142?
CVE-2021-32142 is a Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 that allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Which software versions are affected by CVE-2021-32142?
The software version affected by CVE-2021-32142 is LibRaw linux/unix v0.20.0.
How can I fix CVE-2021-32142?
To fix CVE-2021-32142, update to version 0.20.2-2.1 or later of the LibRaw software.
- collector/nvd-index
- collector/security-tracker-debian
- collector/debian-bugs
- alias/CVE-2021-32142
- agent/first-publish-date
- agent/softwarecombine
- agent/type
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/references
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/libraw
- canonical/libraw libraw
- version/libraw libraw/0.20.0
- package-manager/debian