{"id":"CVE-2021-32142","details":"Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.","modified":"2026-02-14T00:14:50.969037Z","published":"2023-02-17T18:15:10.860Z","related":["ALSA-2023:6343","ALSA-2024:2994","MGASA-2023-0082","SUSE-SU-2023:0510-1","SUSE-SU-2023:0511-1","SUSE-SU-2023:0512-1"],"references":[{"type":"WEB","url":"https://github.com/gtt1995"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/"},{"type":"WEB","url":"https://www.libraw.org/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5412"},{"type":"REPORT","url":"https://github.com/LibRaw/LibRaw/issues/400"},{"type":"FIX","url":"https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49"},{"type":"EVIDENCE","url":"https://github.com/LibRaw/LibRaw/issues/400"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libraw/libraw","events":[{"introduced":"0"},{"fixed":"bc3aaf4223fdb70d52d470dae65c5a7923ea2a49"}]}],"versions":["0.11.0-Release","0.11.1","0.11.2","0.12.0","0.12.1","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.15.0","0.16.0","0.17.0","0.18.0","0.20-RC2","0.20.0","0.20.1","0.20.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32142.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2021-32142-31df3fd3","target":{"function":"LibRaw_file_datastream::gets","file":"src/libraw_datastream.cpp"},"deprecated":false,"digest":{"length":199,"function_hash":"81537286543682610447369285951027231239"},"source":"https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","signature_type":"Function"},{"signature_version":"v1","id":"CVE-2021-32142-85652960","target":{"function":"LibRaw_buffer_datastream::gets","file":"src/libraw_datastream.cpp"},"deprecated":false,"digest":{"length":559,"function_hash":"286491763390684630258264132505426074568"},"source":"https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","signature_type":"Function"},{"signature_version":"v1","id":"CVE-2021-32142-d895dd03","target":{"function":"LibRaw_bigfile_datastream::gets","file":"src/libraw_datastream.cpp"},"deprecated":false,"digest":{"length":132,"function_hash":"125079287825345516398437667214404768579"},"source":"https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","signature_type":"Function"},{"signature_version":"v1","id":"CVE-2021-32142-e63d56e3","target":{"file":"src/libraw_datastream.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["86824672576354342994279395504079416009","208285136829749272023630488284903698110","246686468344042786203772885753692717520","156655833131235789381585821138325741479","299496342817353293845719362196388617536","97267469384921867083102630172811268428","114025178590675028232523899343171257429","153514794021984729152833380180636400734","277607046158668096422371046479095655182","236492368691662327124583659124535641868","245719843120764539298744244989077674417","284374123599808139061660728445240826041"]},"source":"https://github.com/libraw/libraw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","signature_type":"Line"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}