Libraw

libraw

Vendor: Libraw • 63 CVEs

CVEs (63)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-24660 1Libraw 1Libraw Apr 10, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious...Show more A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2026-24450 1Libraw 1Libraw Apr 10, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malici...Show more An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2026-21413 1Libraw 1Libraw Apr 10, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacke...Show more A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2026-20911 1Libraw 1Libraw Apr 10, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker ca...Show more A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2026-20889 1Libraw 1Libraw Apr 10, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious...Show more A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2026-20884 1Libraw 1Libraw Apr 10, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file...Show more An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2026-5342 1Libraw 1Libraw Apr 29, 2026 Apr 2, 2026 5.5 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argumen...Show more A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.Show less
CVE-2026-5318 1Libraw 1Libraw Apr 29, 2026 Apr 2, 2026 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[...Show more A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.Show less
CVE-2025-43964 1Libraw 1Libraw Nov 3, 2025 Apr 21, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
CVE-2025-43963 1Libraw 1Libraw Nov 3, 2025 Apr 21, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
CVE-2025-43962 1Libraw 1Libraw Nov 3, 2025 Apr 21, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
CVE-2025-43961 1Libraw 1Libraw Nov 3, 2025 Apr 21, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
CVE-2020-22628 1Libraw 1Libraw May 5, 2025 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
CVE-2023-1729 3Fedoraproject LibrawRedhat 3Enterprise Linux FedoraLibraw Mar 20, 2025 May 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
CVE-2021-32142 1Libraw 1Libraw Mar 19, 2025 Feb 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
CVE-2020-35535 1Libraw 1Libraw Nov 21, 2024 Sep 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.
CVE-2020-35534 1Libraw 1Libraw Nov 21, 2024 Sep 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.
CVE-2020-35533 2Debian Libraw 2Debian Linux Libraw Nov 21, 2024 Sep 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.
CVE-2020-35532 2Debian Libraw 2Debian Linux Libraw Nov 21, 2024 Sep 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
CVE-2020-35531 2Debian Libraw 2Debian Linux Libraw Nov 21, 2024 Sep 1, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

12 3 4 Next