Oval Definition:oval:org.opensuse.security:def:202015503
Revision Date:2023-06-22Version:1
Title:CVE-2020-15503
Description:

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2020-15503
SUSE-SU-2020:2028-1
SUSE-SU-2020:2029-1
openSUSE-SU-2020:1088-1
openSUSE-SU-2020:1128-1
Mitre CVE-2020-15503
SUSE CVE-2020-15503
SUSE-SU-2020:2028-1
SUSE-SU-2020:2029-1
openSUSE-SU-2020:1088-1
openSUSE-SU-2020:1128-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Desktop 12 SP5
SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP4
SUSE Linux Enterprise Workstation Extension 12 SP5
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE Linux Enterprise Workstation Extension 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP5 is installed
  • AND Package Information
  • libraw-0.15.4-33 is installed
  • OR libraw9-0.15.4-33 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libraw-0.18.9-lp151.4.3 is installed
  • AND libraw is signed with openSUSE key
  • OR
  • libraw-devel-0.18.9-lp151.4.3 is installed
  • AND libraw-devel is signed with openSUSE key
  • OR
  • libraw-devel-static-0.18.9-lp151.4.3 is installed
  • AND libraw-devel-static is signed with openSUSE key
  • OR
  • libraw-tools-0.18.9-lp151.4.3 is installed
  • AND libraw-tools is signed with openSUSE key
  • OR
  • libraw16-0.18.9-lp151.4.3 is installed
  • AND libraw16 is signed with openSUSE key
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Software Development Kit 12 SP5 is installed
  • AND
  • libraw-0.15.4-33 is installed
  • OR libraw-devel-0.15.4-33 is installed
  • OR libraw-devel-static-0.15.4-33 is installed
  • OR libraw9-0.15.4-33 is installed
  • OR Package Information
  • SUSE Linux Enterprise Workstation Extension 12 SP5 is installed
  • AND
  • libraw-0.15.4-33 is installed
  • OR libraw9-0.15.4-33 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • OR SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND
  • libraw-0.18.9-3.11 is installed
  • OR libraw-devel-static-0.18.9-3.11 is installed
  • OR libraw-tools-0.18.9-3.11 is installed
  • OR Package Information
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND
  • libraw-0.18.9-3.11 is installed
  • OR libraw-devel-0.18.9-3.11 is installed
  • OR libraw16-0.18.9-3.11 is installed
  • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • libraw-devel-0.18.9-lp152.5.3.1 is installed
  • AND libraw-devel is signed with openSUSE key
  • OR
  • libraw-devel-static-0.18.9-lp152.5.3.1 is installed
  • AND libraw-devel-static is signed with openSUSE key
  • OR
  • libraw-tools-0.18.9-lp152.5.3.1 is installed
  • AND libraw-tools is signed with openSUSE key
  • OR
  • libraw16-0.18.9-lp152.5.3.1 is installed
  • AND libraw16 is signed with openSUSE key
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND
  • libraw-0.18.9-3.11 is installed
  • OR libraw-devel-static-0.18.9-3.11 is installed
  • OR libraw-tools-0.18.9-3.11 is installed
  • OR Package Information
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND
  • libraw-0.18.9-3.11 is installed
  • OR libraw-devel-0.18.9-3.11 is installed
  • OR libraw16-0.18.9-3.11 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND
  • libraw-0.18.9-3.11 is installed
  • OR libraw-devel-static-0.18.9-3.11 is installed
  • OR libraw-tools-0.18.9-3.11 is installed
  • OR Package Information
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND
  • libraw-0.18.9-3.11 is installed
  • OR libraw-devel-0.18.9-3.11 is installed
  • OR libraw16-0.18.9-3.11 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • libraw-devel-0.18.9-3.11.1 is installed
  • OR libraw16-0.18.9-3.11.1 is installed
  • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • libraw-devel-0.20.2-4.1 is installed
  • OR libraw-devel-static-0.20.2-4.1 is installed
  • OR libraw-tools-0.20.2-4.1 is installed
  • OR libraw20-0.20.2-4.1 is installed
  • OR libraw20-32bit-0.20.2-4.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND Package Information
  • libraw-devel-0.18.9-3.11.1 is installed
  • OR libraw16-0.18.9-3.11.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND Package Information
  • libraw-devel-0.18.9-3.11.1 is installed
  • OR libraw16-0.18.9-3.11.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP4 is installed
  • AND libraw is affected
  • OR Package Information
  • SUSE Linux Enterprise Desktop 12 SP5 is installed
  • OR SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP5 is installed
  • AND libraw9-0.15.4-33.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • libraw16-0.18.9-bp153.2.25 is installed
  • AND libraw16 is signed with openSUSE key
  • Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • libraw20-0.20.2-150400.1.36 is installed
  • AND libraw20 is signed with openSUSE key
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Desktop Applications 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND libraw20-0.20.2-150400.1.36 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP4 is installed
  • AND
  • libraw-devel-0.20.2-150400.1.36 is installed
  • OR libraw16-0.18.9-3.14.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP5 is installed
  • OR SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP5 is installed
  • AND libraw9-0.15.4-33.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP5 is installed
  • AND
  • libraw-devel-0.15.4-33.1 is installed
  • OR libraw-devel-static-0.15.4-33.1 is installed
  • OR libraw9-0.15.4-33.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP4 is installed
  • AND libraw is affected
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Desktop Applications 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND libraw20-0.20.2-150400.3.6.1 is installed
  • BACK