Improper Input Validation Affecting libraw package, versions [,0.20.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
3.67% (89th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-LIBRAW-10077291
  • published8 May 2025
  • disclosed2 Jul 2020
  • creditUnknown

Introduced: 2 Jul 2020

CVE-2020-15503  (opens in a new tab)
CWE-20  (opens in a new tab)

How to fix?

Upgrade libraw to version 0.20.0 or higher.

Overview

Affected versions of this package are vulnerable to Improper Input Validation. LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.

CVSS Base Scores

version 3.1