CVE-2020-15503: Improper Input Validation

July 2, 2020 (updated August 19, 2020)

LibRaw lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.length.

References

nvd.nist.gov/vuln/detail/CVE-2020-15503

Code Behaviors & Features

Detect and mitigate CVE-2020-15503 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →