CVE-2026-21413
EUVD-2026-1962407.04.2026, 15:17
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libraw | libraw | 0.22.0 |
| libraw | libraw | 0.22.1 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| darktable |
| ||||||||||||||
| dcraw |
| ||||||||||||||
| digikam |
| ||||||||||||||
| exactimage |
| ||||||||||||||
| kodi |
| ||||||||||||||
| libraw |
| ||||||||||||||
| rawtherapee |
| ||||||||||||||
| ufraw |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| libraw-devel |
| ||||||||
| libraw16 |
|
Red Hat Enterprise Linux Releases
Amazon Linux Releases
Common Weakness Enumeration
- CWE-129 - Improper Validation of Array IndexThe product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References