Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24870
Reference (s):
- https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d
- https://github.com/LibRaw/LibRaw/issues/330