
A libraw security update has been released for Debian GNU/Linux 10 LTS to address two buffer overflow vulnerabilities.

DLA 3433-1: libraw security update

Debian LTS Advisory DLA-3433-1 Guilhem Moulin
May 27, 2023

Package : libraw
Version : 0.19.2-2+deb10u3
CVE ID : CVE-2021-32142 CVE-2023-1729
Debian Bug : 1031790 1036281

Buffer Overflow vulnerabilities were found in libraw, a raw image
decoder library, which could lead to application crash or privilege


A Buffer Overflow vulnerability was found in
LibRaw_buffer_datastream::gets(char*, int), which could lead to
privilege escalation or application crash.


A heap-buffer-overflow was found in raw2image_ex(int), which may
lead to an application crash via a maliciously crafted input file.

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: