VDB
CVE-2020-24870
CVE-2020-24870
PUBLISHED
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
EPSS 0.58% · 69.2th percentile
Risk Scores
EPSS Score
0.58%
69.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | dcraw | 9.28-2, 0 |
| Ubuntu:24.04:LTS | dcraw | 9.28-5ubuntu1, 9.28-3, 9.28-3.1ubuntu1 |
| Ubuntu:25.10 | rawtherapee | 0, 5.11-2build2 |
| Ubuntu:22.04:LTS | darktable | 3.6.0-0ubuntu1, 0, 3.8.1-2 |
| Ubuntu:22.04:LTS | dcraw | 9.28-2, 9.28-3, 0 |
| Ubuntu:25.10 | kodi | 2:21.2+dfsg-1build2, 2:21.2+dfsg-4, 0 |
| Ubuntu:25.10 | exactimage | 0, 1.2.1-2 |
| Ubuntu:16.04:LTS | exactimage | 0.9.1-12ubuntu1, 0.9.1-9build1, 0.9.1-8ubuntu1 |
| Ubuntu:22.04:LTS | kodi | 2:19.1+dfsg2-2, 2:19.3+dfsg1-1, 2:19.3+dfsg1-1build2 |
| Ubuntu:20.04:LTS | rawtherapee | 0, 5.6-1, 5.7-1 |
| Ubuntu:24.04:LTS | kodi | 0, 2:20.2+dfsg-4build1, 2:20.2+dfsg-4ubuntu1 |
| Ubuntu:25.10 | darktable | 5.0.1-2, 5.0.1-0ubuntu2, 5.0.1-1 |
| Ubuntu:24.04:LTS | exactimage | 1.0.2-11build7, 1.0.2-11build8, 1.0.2-11build3 |
| Ubuntu:18.04:LTS | dcraw | 9.27-1ubuntu1, 0 |
| Ubuntu:16.04:LTS | ufraw | 0, 0.20-3build1 |
| Ubuntu:16.04:LTS | dcraw | 9.21-0.2, 0 |
| Ubuntu:22.04:LTS | exactimage | 0, 1.0.2-8build3, 1.0.2-8build1 |
| Ubuntu:18.04:LTS | darktable | 0, 2.4.1-1, 2.4.2-1 |
| Ubuntu:18.04:LTS | ufraw | 0.22-3, 0.22-3.1ubuntu0.1, 0.22-3.1~build0.18.04.1 |
| Ubuntu:24.04:LTS | darktable | 4.6.1-2ubuntu1, 0, 4.4.2-1ubuntu2 |
…and 12 more
Timeline
- Jun 2, 2021 CVE Published
- Jun 3, 2021 EPSS Score
- Jun 10, 2021 CVE Updated
- Aug 5, 2021 EPSS Score
- Oct 5, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 6, 2022 EPSS Score
- Jun 6, 2022 EPSS Score
- Aug 7, 2022 EPSS Score
- Dec 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-24870 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-24870 third-party-advisory