CVE-2020-24889

7.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in LibRaw's GetNormalizedModel function allows attackers to execute arbitrary code by providing specially crafted image files. This affects any application using LibRaw library versions before 20.0 to process image files. Users of photo editing software, digital asset management systems, or web applications that process RAW camera images are potentially vulnerable.

💻 Affected Systems

Products:
  • LibRaw library
  • Applications using LibRaw (e.g., darktable, RawTherapee, GIMP with LibRaw plugin, various photo management software)
Versions: LibRaw versions < 20.0
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses vulnerable LibRaw versions to process RAW image formats (CR2, NEF, ARW, etc.) is affected. The vulnerability is in the library itself, not specific applications.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application using LibRaw, potentially leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash (denial of service) when processing malicious image files, with potential for limited code execution depending on memory protections.

🟢 If Mitigated

Application crash without code execution if modern OS protections (ASLR, DEP) are effective, but still causing service disruption.

🌐 Internet-Facing: MEDIUM - Applications that accept user-uploaded image files from the internet are at risk, but exploitation requires specific conditions.
🏢 Internal Only: LOW - Risk is limited to internal users processing malicious image files, which is less likely than internet-facing exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof of concept exists in GitHub issue #334. Exploitation requires crafting a malicious RAW image file and getting the target to process it. Modern exploit mitigations may reduce reliability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LibRaw 20.0 and later

Vendor Advisory: https://github.com/LibRaw/LibRaw/issues/334

Restart Required: Yes

Instructions:

1. Update LibRaw to version 20.0 or later.
2. For Linux distributions: use the package manager (apt-get update && apt-get upgrade libraw, yum update libraw, etc.).
3. For Windows/macOS: download the updated version from libraw.org.
4. Rebuild/reinstall any applications that link against LibRaw.
5. Restart affected services or applications.

🔧 Temporary Workarounds

Disable RAW image processing
Platform: all
Temporarily disable processing of RAW image formats in applications using LibRaw.
Application-specific configuration required.

Use file type restrictions
Platform: all
Implement file upload restrictions to block RAW image formats.
Web server configuration (e.g., .htaccess, nginx rules) or application-level validation.

🧯 If You Can't Patch

  • Implement strict input validation for image uploads - reject suspicious or malformed files
  • Run applications with minimal privileges and in sandboxed/containerized environments

🔍 How to Verify

Check if Vulnerable:

Check LibRaw version: On Linux: dpkg -l | grep libraw or rpm -qa | grep libraw. For applications: ldd /path/to/application | grep libraw to see linked version.

Check Version:

libraw-config --version or check package manager output

Verify Fix Applied:

Confirm LibRaw version is >= 20.0 using version check command. Test processing known safe RAW images to ensure functionality.
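The version check above, scripted so it can run across a fleet. This is an added example, not part of the advisory or of LibRaw itself; it assumes LibRaw's own release numbering (0.19.5, 0.20.0, ...), so the advisory's "20.0" is taken to be the 0.20.0 release line, and it assumes the dpkg/rpm package names shown in the comments.

```shell
#!/bin/sh
# Added example (not from the advisory): flag LibRaw builds affected by
# CVE-2020-24889. Assumption: LibRaw numbers releases 0.x, so the
# advisory's "20.0" means the 0.20.0 release line; anything below is affected.
FIXED_VERSION="0.20.0"

# Compare two dotted version strings field by field, printing -1, 0 or 1
# for a<b, a==b, a>b. Package suffixes such as "-1" or "-Release" are
# stripped; a trailing dot guarantees cut always sees a delimiter.
vercmp() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//').
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//').
    i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then printf '%s\n' 0; return; fi
        x=${x:-0}; y=${y:-0}          # missing field counts as 0 (0.20 == 0.20.0)
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
}

# True (exit 0) when the given version is older than the fixed release.
libraw_is_vulnerable() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -eq -1 ]
}

# Best-effort discovery of the installed version: libraw-config first,
# then the Debian (libraw*) or RPM (LibRaw) package database (assumed names).
libraw_installed_version() {
    if command -v libraw-config >/dev/null 2>&1; then
        libraw-config --version
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' 'libraw*' 2>/dev/null | head -n 1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}\n' LibRaw 2>/dev/null | head -n 1
    fi
}

main() {
    v=$(libraw_installed_version)
    [ -n "$v" ] || { echo "LibRaw not found on this host"; return 2; }
    if libraw_is_vulnerable "$v"; then
        echo "LibRaw $v: AFFECTED by CVE-2020-24889 (fixed in $FIXED_VERSION)"; return 1
    fi
    echo "LibRaw $v: not affected"
}

case "${1:-}" in --check) main ;; esac   # run as: sh libraw-check.sh --check
```

The exit status (0 clean, 1 affected, 2 not installed) is meant for use from a configuration-management or inventory run.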

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing image files
  • Segmentation faults in processes using LibRaw
  • Unexpected process termination

Network Indicators:

  • Uploads of RAW image files to web applications
  • Unusual file transfer patterns

SIEM Query:

Process: (name contains "darktable" OR "rawtherapee" OR "gimp") AND Event: (contains "segmentation fault" OR "SIGSEGV")

🔗 References
