{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"LibRaw security update", "category":"general", "title":"Synopsis" }, { "text":"An update for LibRaw is now available for openEuler-20.03-LTS-SP1.", "category":"general", "title":"Summary" }, { "text":"LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF, RAF, etc, virtually all RAW formats are supported).It pays special attention to correct retrieval of data required for subsequent RAW conversion.The library is intended for embedding in RAW converters, data analyzers, and other programs using RAW files as the initial data.\n\nSecurity Fix(es):\n\nBuffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.(CVE-2021-32142)", "category":"general", "title":"Description" }, { "text":"An update for LibRaw is now available for openEuler-20.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"LibRaw", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-1448", "category":"self", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1448" }, { "summary":"CVE-2021-32142", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2021-32142&packageName=LibRaw" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32142" }, { "summary":"openEuler-SA-2024-1448 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1448.json" } ], "title":"An update for LibRaw is now available for openEuler-20.03-LTS-SP1", "tracking":{ "initial_release_date":"2024-04-12T09:15:39+08:00", "revision_history":[ { "date":"2024-04-12T09:15:39+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:15:39+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:15:39+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:15:39+08:00", "id":"openEuler-SA-2024-1448", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"openEuler-20.03-LTS-SP1", "name":"openEuler-20.03-LTS-SP1" }, "name":"openEuler-20.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-devel-0.20.2-6.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"LibRaw-devel-0.20.2-6.oe1.aarch64.rpm" }, "name":"LibRaw-devel-0.20.2-6.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-debuginfo-0.20.2-6.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"LibRaw-debuginfo-0.20.2-6.oe1.aarch64.rpm" }, "name":"LibRaw-debuginfo-0.20.2-6.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-debugsource-0.20.2-6.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"LibRaw-debugsource-0.20.2-6.oe1.aarch64.rpm" }, "name":"LibRaw-debugsource-0.20.2-6.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-0.20.2-6.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"LibRaw-0.20.2-6.oe1.aarch64.rpm" }, "name":"LibRaw-0.20.2-6.oe1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-0.20.2-6.oe1.src.rpm(20.03-LTS-SP1)", "name":"LibRaw-0.20.2-6.oe1.src.rpm" }, "name":"LibRaw-0.20.2-6.oe1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-devel-0.20.2-6.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"LibRaw-devel-0.20.2-6.oe1.x86_64.rpm" }, "name":"LibRaw-devel-0.20.2-6.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-0.20.2-6.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"LibRaw-0.20.2-6.oe1.x86_64.rpm" }, "name":"LibRaw-0.20.2-6.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-debuginfo-0.20.2-6.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"LibRaw-debuginfo-0.20.2-6.oe1.x86_64.rpm" }, "name":"LibRaw-debuginfo-0.20.2-6.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"LibRaw-debugsource-0.20.2-6.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"LibRaw-debugsource-0.20.2-6.oe1.x86_64.rpm" }, "name":"LibRaw-debugsource-0.20.2-6.oe1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-devel-0.20.2-6.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-devel-0.20.2-6.oe1.aarch64", "name":"LibRaw-devel-0.20.2-6.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-debuginfo-0.20.2-6.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-debuginfo-0.20.2-6.oe1.aarch64", "name":"LibRaw-debuginfo-0.20.2-6.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-debugsource-0.20.2-6.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-debugsource-0.20.2-6.oe1.aarch64", "name":"LibRaw-debugsource-0.20.2-6.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-0.20.2-6.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.aarch64", "name":"LibRaw-0.20.2-6.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-0.20.2-6.oe1.src.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.src", "name":"LibRaw-0.20.2-6.oe1.src as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-devel-0.20.2-6.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-devel-0.20.2-6.oe1.x86_64", "name":"LibRaw-devel-0.20.2-6.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-0.20.2-6.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.x86_64", "name":"LibRaw-0.20.2-6.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-debuginfo-0.20.2-6.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-debuginfo-0.20.2-6.oe1.x86_64", "name":"LibRaw-debuginfo-0.20.2-6.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"LibRaw-debugsource-0.20.2-6.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:LibRaw-debugsource-0.20.2-6.oe1.x86_64", "name":"LibRaw-debugsource-0.20.2-6.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2021-32142", "notes":[ { "text":"Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:LibRaw-devel-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-debuginfo-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-debugsource-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.src", "openEuler-20.03-LTS-SP1:LibRaw-devel-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-debuginfo-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-debugsource-0.20.2-6.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:LibRaw-devel-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-debuginfo-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-debugsource-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.src", "openEuler-20.03-LTS-SP1:LibRaw-devel-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-debuginfo-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-debugsource-0.20.2-6.oe1.x86_64" ], "details":"LibRaw security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1448" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:LibRaw-devel-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-debuginfo-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-debugsource-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.aarch64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.src", "openEuler-20.03-LTS-SP1:LibRaw-devel-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-debuginfo-0.20.2-6.oe1.x86_64", "openEuler-20.03-LTS-SP1:LibRaw-debugsource-0.20.2-6.oe1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2021-32142" } ] }