CVE-2020-35532: 
NixOS vulnerability analysis and mitigation

An out-of-bounds read vulnerability was discovered in LibRaw's 'simpledecoderow()' function (located in libraw\src\x3f\x3futilspatched.cpp). The vulnerability can be triggered via an image with a large row_stride field. This security issue was assigned CVE-2020-35532 and was reported by GitHub user GirlElecta (Debian LTS, CVE Mitre).

The vulnerability exists in the simpledecoderow() function within LibRaw's X3F format processing code. The issue occurs when processing images with a large rowstride field, which can lead to an out-of-bounds read condition. The fix involved adding a boundary check to verify that the data offset does not exceed the available buffer size, specifically checking if row*rowstride is greater than ID->datasize - (ID->columns*sizeof(uint32t)) (LibRaw Commit).

When exploited, this vulnerability could lead to an out-of-bounds read condition, potentially causing program crashes or allowing an attacker to read sensitive information from memory. The vulnerability affects applications that use LibRaw for processing X3F format images (Debian Security).

The vulnerability has been patched in various LibRaw versions across different distributions. Debian released version 0.19.2-2+deb10u1 for Debian 10 (Buster) to address this issue. Users are recommended to upgrade their LibRaw packages to the latest available version that includes the security fix (Debian LTS).