7 matches found
MiracleLinux 8 : LibRaw-0.19.5-6.el8_10 (AXSA:2026-557:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-557:02 advisory. LibRaw: LibRaw: Memory Corruption via Malicious File Processing CVE-2026-24660 LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflo...
RHEL 8 : LibRaw (RHSA-2026:14655)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:14655 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw:...
Amazon Linux 2 : LibRaw, --advisory ALAS2-2026-3255 (ALAS-2026-3255)
The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3255 advisory. A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A speciall...
Fedora 42 : mingw-LibRaw (2026-826db1b5c0)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-826db1b5c0 advisory. Backport patch for CVE-2026-20884. ---- Backport fixes for CVE-2026-20889 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660 ---- Update to libraw-0.21.5...
CVE-2026-20889
creationtimestamp| type| source ---|---|--- 2026-04-07 14:30:22+00:00| seen| https://infosec.place/objects/72a4c88b-fe5e-4af9-b409-08f3cb778fe0 2026-04-07 17:28:45+00:00| published-proof-of-concept| Telegram/Gs14uYrPx8dSRKbcySFOH0HeB-4fySLVXH6YHMHvpJUT40 2026-04-12 22:07:07+00:00| seen|...
CVE-2026-20889
CVE-2026-20889 affects LibRaw’s x3f_thumb_loader, where a heap-based buffer overflow exists in processing a specially crafted file. The issue arises from LibRaw commit d20315b and could be triggered by malicious input delivered as a file. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no...
CVE-2026-20889
A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...