CVE-2026-5318 LibRaw JPEG DHT losslessjpeg.cpp initval out-of-bounds write

🗓️ 02 Apr 2026 01:45:12Reported by VulDBType

LibRaw up to 0.22.0 has a CVE for out-of-bounds write in HuffTable::initval, enabling remote exploit; fix in 0.22.1.

Reporter	Title	Published	Views	Family All 50
ATTACKERKB	CVE-2026-5318	2 Apr 202601:45	–	attackerkb
AlpineLinux	CVE-2026-5318	2 Apr 202601:45	–	alpinelinux
Circl	CVE-2026-5318	2 Apr 202606:31	–	circl
CNNVD	Libraw 缓冲区错误漏洞	2 Apr 202600:00	–	cnnvd
CVE	CVE-2026-5318	2 Apr 202601:45	–	cve
Debian CVE	CVE-2026-5318	2 Apr 202601:45	–	debiancve
EUVD	EUVD-2026-18116	2 Apr 202603:31	–	euvd
Fedora	[SECURITY] Fedora 44 Update: kf6-kimageformats-6.24.0-3.fc44	13 Apr 202621:07	–	fedora
Fedora	[SECURITY] Fedora 44 Update: efl-1.28.1-6.fc44	13 Apr 202621:07	–	fedora
Fedora	[SECURITY] Fedora 44 Update: shotwell-33~alpha-9.fc44	13 Apr 202621:07	–	fedora

[
  {
    "vendor": "n/a",
    "product": "LibRaw",
    "versions": [
      {
        "version": "0.1",
        "status": "affected"
      },
      {
        "version": "0.2",
        "status": "affected"
      },
      {
        "version": "0.3",
        "status": "affected"
      },
      {
        "version": "0.4",
        "status": "affected"
      },
      {
        "version": "0.5",
        "status": "affected"
      },
      {
        "version": "0.6",
        "status": "affected"
      },
      {
        "version": "0.7",
        "status": "affected"
      },
      {
        "version": "0.8",
        "status": "affected"
      },
      {
        "version": "0.9",
        "status": "affected"
      },
      {
        "version": "0.10",
        "status": "affected"
      },
      {
        "version": "0.11",
        "status": "affected"
      },
      {
        "version": "0.12",
        "status": "affected"
      },
      {
        "version": "0.13",
        "status": "affected"
      },
      {
        "version": "0.14",
        "status": "affected"
      },
      {
        "version": "0.15",
        "status": "affected"
      },
      {
        "version": "0.16",
        "status": "affected"
      },
      {
        "version": "0.17",
        "status": "affected"
      },
      {
        "version": "0.18",
        "status": "affected"
      },
      {
        "version": "0.19",
        "status": "affected"
      },
      {
        "version": "0.20",
        "status": "affected"
      },
      {
        "version": "0.21",
        "status": "affected"
      },
      {
        "version": "0.22.0",
        "status": "affected"
      },
      {
        "version": "0.22.1",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "JPEG DHT Parser"
    ]
  }
]

Source	Link
github	www.github.com/LibRaw/LibRaw/issues/794
github	www.github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
github	www.github.com/LibRaw/LibRaw/issues/794
vuldb	www.vuldb.com/vuln/354650/cti
github	www.github.com/biniamf/pocs/tree/main/libraw_lljpeg
vuldb	www.vuldb.com/vuln/354650
github	www.github.com/LibRaw/LibRaw/releases/tag/0.22.1
github	www.github.com/LibRaw/LibRaw/
vuldb	www.vuldb.com/submit/780538

07 Apr 2026 11:26Current

CVSS 3.14.3

CVSS 34.3

CVSS 25

CVSS 45.3

EPSS0.00087