CVE-2020-24890

Published: 16 September 2020

** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way.

Notes

Author: mdeslaur
Note: per the upstream bug, this is an issue in the toolchain used by
the bug reporter. The issue could not be reproduced on xenial,
bionic or focal, so closing as not affecting Ubuntu.

Priority

Medium

CVSS 3 Severity Score

5.5

Status

Package      Release   Status
darktable    focal     Not vulnerable
darktable    bionic    Not vulnerable
darktable    trusty    Does not exist
darktable    upstream  Needs triage
darktable    xenial    Not vulnerable
dcraw        bionic    Not vulnerable
dcraw        focal     Not vulnerable
dcraw        trusty    Does not exist
dcraw        upstream  Needs triage
dcraw        xenial    Not vulnerable
exactimage   bionic    Not vulnerable
exactimage   focal     Not vulnerable
exactimage   trusty    Does not exist
exactimage   upstream  Needs triage
exactimage   xenial    Not vulnerable
kodi         bionic    Not vulnerable
kodi         focal     Not vulnerable
kodi         trusty    Does not exist
kodi         upstream  Needs triage
kodi         xenial    Not vulnerable
libraw       bionic    Not vulnerable
libraw       focal     Not vulnerable
libraw       trusty    Does not exist
libraw       upstream  Needs triage
libraw       xenial    Not vulnerable
rawtherapee  bionic    Not vulnerable
rawtherapee  focal     Not vulnerable
rawtherapee  trusty    Does not exist
rawtherapee  upstream  Needs triage
rawtherapee  xenial    Not vulnerable
ufraw        bionic    Not vulnerable
ufraw        focal     Does not exist
ufraw        trusty    Does not exist
ufraw        upstream  Needs triage
ufraw        xenial    Not vulnerable
xbmc         bionic    Does not exist
xbmc         focal     Does not exist
xbmc         trusty    Does not exist
xbmc         upstream  Needs triage
xbmc         xenial    Does not exist

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H