CVE-2026-21413

EUVD-2026-19624
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS Score percentile: 23%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| libraw | libraw | 0.22.0 |
| libraw | libraw | 0.22.1 |

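Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| libraw | bionic | needed |
| libraw | focal | needed |
| libraw | jammy | needed |
| libraw | noble | needed |
| libraw | questing | needed |
| libraw | resolute | needed |
| libraw | xenial | needed |
| ufraw | bionic | needs-triage |
| ufraw | jammy | dne |
| ufraw | noble | dne |
| ufraw | questing | dne |
| ufraw | resolute | dne |
| ufraw | xenial | ignored |
| darktable | bionic | needs-triage |
| darktable | focal | needs-triage |
| darktable | jammy | needs-triage |
| darktable | noble | needs-triage |
| darktable | questing | needs-triage |
| darktable | resolute | needs-triage |
| darktable | xenial | ignored |
| exactimage | bionic | needs-triage |
| exactimage | focal | needs-triage |
| exactimage | jammy | needs-triage |
| exactimage | noble | needs-triage |
| exactimage | questing | needs-triage |
| exactimage | resolute | needs-triage |
| exactimage | xenial | ignored |
| dcraw | bionic | needs-triage |
| dcraw | focal | needs-triage |
| dcraw | jammy | needs-triage |
| dcraw | noble | needs-triage |
| dcraw | questing | needs-triage |
| dcraw | resolute | needs-triage |
| dcraw | xenial | ignored |
| rawtherapee | bionic | needs-triage |
| rawtherapee | focal | needs-triage |
| rawtherapee | jammy | needs-triage |
| rawtherapee | noble | needs-triage |
| rawtherapee | questing | needs-triage |
| rawtherapee | resolute | needs-triage |
| rawtherapee | xenial | ignored |
| kodi | bionic | needs-triage |
| kodi | focal | needs-triage |
| kodi | jammy | needs-triage |
| kodi | noble | needs-triage |
| kodi | questing | needs-triage |
| kodi | resolute | needs-triage |
| kodi | xenial | ignored |
| digikam | bionic | needs-triage |
| digikam | focal | needs-triage |
| digikam | jammy | needs-triage |
| digikam | noble | needs-triage |
| digikam | questing | needs-triage |
| digikam | resolute | needs-triage |
| digikam | xenial | ignored |
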
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| libraw-devel | suse enterprise desktop 15 SP7 | 0.21.1-150600.3.10.1 | fixed |
| libraw-devel | suse enterprise sap 15 SP7 | 0.21.1-150600.3.10.1 | fixed |
| libraw-devel | suse enterprise server 15 SP7 | 0.21.1-150600.3.10.1 | fixed |
| libraw-devel | suse enterprise workstation 15 SP7 | 0.21.1-150600.3.10.1 | fixed |
| libraw16 | suse enterprise desktop 15 SP7 | 0.18.9-150000.3.33.1 | fixed |
| libraw16 | suse enterprise sap 15 SP7 | 0.18.9-150000.3.33.1 | fixed |
| libraw16 | suse enterprise server 15 SP7 | 0.18.9-150000.3.33.1 | fixed |
| libraw16 | suse enterprise workstation 15 SP7 | 0.18.9-150000.3.33.1 | fixed |

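Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| LibRaw | RHEL 8 | 0:0.19.5-6.el8_10 | fixed |
| LibRaw | RHEL 9 | 0:0.21.1-2.el9_8 | fixed |
| LibRaw-devel | RHEL 8 | 0:0.19.5-6.el8_10 | fixed |
| LibRaw-devel | RHEL 9 | 0:0.21.1-2.el9_8 | fixed |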