EUVD-2026-18344

🗓️ 02 Apr 2026 15:31:43Reported by EUVDType

LibRaw up to 0.22.0 allows remote out-of-bounds read in nikon_load_padded_packed_raw; upgrade to 0.22.1.

Reporter	Title	Published	Views	Family All 66
ATTACKERKB	CVE-2026-5342	2 Apr 202614:30	–	attackerkb
AlpineLinux	CVE-2026-5342	2 Apr 202614:30	–	alpinelinux
CNNVD	Libraw 缓冲区错误漏洞	2 Apr 202600:00	–	cnnvd
CVE	CVE-2026-5342	2 Apr 202614:30	–	cve
Cvelist	CVE-2026-5342 LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds	2 Apr 202614:30	–	cvelist
Debian CVE	CVE-2026-5342	2 Apr 202614:30	–	debiancve
Fedora	[SECURITY] Fedora 44 Update: kf6-kimageformats-6.24.0-3.fc44	13 Apr 202621:07	–	fedora
Fedora	[SECURITY] Fedora 44 Update: efl-1.28.1-6.fc44	13 Apr 202621:07	–	fedora
Fedora	[SECURITY] Fedora 44 Update: shotwell-33~alpha-9.fc44	13 Apr 202621:07	–	fedora
Fedora	[SECURITY] Fedora 44 Update: kstars-3.8.0-6.fc44	13 Apr 202621:07	–	fedora

[
  {
    "enisaIdVendor": [
      {
        "id": "888a0b18-1605-3e9d-9806-182c8e1c322e",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "074e9dbb-906f-336e-9ea0-5edf0f40c1e9",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.9"
      },
      {
        "id": "118fe63c-046c-3ffa-b3a1-6ab0ac12bfa1",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.8"
      },
      {
        "id": "1667b2be-e75d-38ac-bbe4-e4e98046a243",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.15"
      },
      {
        "id": "3f3dfd16-d7d0-3e94-80d8-0d8062e14fda",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.16"
      },
      {
        "id": "44e32679-3add-3c29-a5a2-793f50a2b6aa",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.14"
      },
      {
        "id": "451fa6d0-5b35-3ba9-b0d4-0e6d8721ddb5",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.1"
      },
      {
        "id": "5af4ad8e-5b06-3fbf-b2cc-a0d3340c07b3",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.7"
      },
      {
        "id": "5b3f1967-1c0d-3186-92c4-58ff685c30b7",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.17"
      },
      {
        "id": "5e3f1e35-1e28-3b8e-981c-90365d7a58a8",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.13"
      },
      {
        "id": "693f7b47-ee39-3f8b-a220-02ece33ffdf7",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.20"
      },
      {
        "id": "6faa73f0-80e1-39fd-8a7b-78344ef9fd23",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.12"
      },
      {
        "id": "7b5804df-c7fa-301e-892a-5055f5a1a3a8",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.18"
      },
      {
        "id": "964b1358-b33e-3a0c-a443-5e1e05039d6b",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.5"
      },
      {
        "id": "9cafd329-dd62-301c-a24f-903bc3598a51",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.19"
      },
      {
        "id": "a5672e14-550f-3b97-b4dd-0a688f970647",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.11"
      },
      {
        "id": "a884fb54-b7a0-32df-9366-51039de7d061",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.22.0"
      },
      {
        "id": "c625d9ea-c256-3e85-be11-50e987443282",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.2"
      },
      {
        "id": "cc125b82-e573-32e5-a16a-0ec4b297c41a",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.3"
      },
      {
        "id": "d8138e48-9b59-3f75-9027-6a44a8029317",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.10"
      },
      {
        "id": "e2f29644-3e96-3a5d-8ab3-7c76068b3bbb",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.6"
      },
      {
        "id": "eaf619b5-0e7f-34b1-81fc-31d665e26099",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.4"
      },
      {
        "id": "f331e98a-8322-38e4-af12-91a1be4896e1",
        "product": {
          "name": "LibRaw"
        },
        "product_version": ""
      },
      {
        "id": "fafd69b9-0b8c-3c00-bd5d-4aa4fbe22630",
        "product": {
          "name": "LibRaw"
        },
        "product_version": "0.21"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/354671
vuldb	www.vuldb.com/vuln/354671/cti
vuldb	www.vuldb.com/submit/781223
github	www.github.com/LibRaw/LibRaw/issues/795
github	www.github.com/LibRaw/LibRaw/issues/795
github	www.github.com/biniamf/pocs/tree/main/libraw_nikonpadded
github	www.github.com/LibRaw/LibRaw/commit/b8397cd45657b84e88bd1202528d1764265f185c
github	www.github.com/LibRaw/LibRaw/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-5342

02 Apr 2026 15:31Current

5.5Medium risk

Vulners AI Score5.5

CVSS 46.9

CVSS 25

CVSS 3.15.3

CVSS 35.3

EPSS0.00058