CVE-2020-35530: 
NixOS vulnerability analysis and mitigation

CVE-2020-35530 is an out-of-bounds write vulnerability discovered in LibRaw, specifically within the 'newnode()' function located in libraw\src\x3f\x3futils_patched.cpp. The vulnerability can be triggered by processing a specially crafted X3F image file (CVE Mitre, Debian Security).

The vulnerability occurs in the new_node() function when processing X3F files. The issue stems from insufficient boundary checking in the huffman tree creation process. The vulnerability has a CVSS 3.1 Base Score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (Ubuntu Security).

When exploited, this vulnerability could lead to an out-of-bounds write condition, potentially causing application crashes and denial of service. The vulnerability affects applications that use LibRaw for processing X3F image files (Debian LTS).

The vulnerability has been patched in various versions of LibRaw. The fix involves adding a check for the huffman tree size in the new_node() function. Multiple distributions have released security updates, including Ubuntu (versions 0.19.5-1ubuntu1.1 for focal and 0.18.8-1ubuntu0.4 for bionic) and Debian (version 0.19.2-2+deb10u1) (GitHub Commit, Ubuntu Security).