
158 matches found

Tenable Nessus
added 2 days ago, 5 views

TencentOS Server 4: LibRaw (TSSA-2026:0413)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0413 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 9.8, AI score 6.4, EPSS 0.00078
Exploits 1, References 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in libraw

LibRaw before 0.20-RC1 lacks a check for the thumbnail size range. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength is used without validating T.tlength...

CVSS 7.5, AI score 6.8, EPSS 0.03206
Exploits 0, References 2
Tenable Nessus
added 2026/05/11 12:0 a.m., 5 views

RHEL 8 : LibRaw (RHSA-2026:15925)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:15925 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw: LibRaw:...

CVSS 9.8, AI score 6.1, EPSS 0.00078
Exploits 1, References 4
Tenable Nessus
added 2026/05/07 12:0 a.m., 6 views

MiracleLinux 8 : LibRaw-0.19.5-6.el8_10 (AXSA:2026-557:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-557:02 advisory. LibRaw: LibRaw: Memory Corruption via Malicious File Processing CVE-2026-24660 LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflo...

CVSS 9.8, AI score 6.6, EPSS 0.00078
Exploits 3, References 4
RedHat Linux
added 2026/05/06 4:52 p.m., 4 views

LibRaw: LibRaw: Arbitrary code execution via specially crafted image file

A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3fthumbloader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful...

CVSS 9.8, AI score 6.4, EPSS 0.00078
Exploits 1, References 5
RedHat Linux
added 2026/05/05 7:56 p.m., 5 views

Important: Red Hat Security Advisory: LibRaw security update

An update for LibRaw is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.8, AI score 6.6, EPSS 0.00078
Exploits 2, References 3
Tenable Nessus
added 2026/05/05 12:0 a.m., 4 views

RHEL 9 : LibRaw (RHSA-2026:13860)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:13860 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw: LibRaw:...

CVSS 9.8, AI score 6.6, EPSS 0.00078
Exploits 1, References 4
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in libraw

A flaw was discovered in LibRaw. A heap-buffer-overflow in the raw2imageex function, caused by a maliciously crafted file, may lead to an application crash...

CVSS 6.5, AI score 6.4, EPSS 0.0008
Exploits 1, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in libraw

In LibRaw, there is an out-of-bounds write vulnerability within the "newnode" function libraw\src\x3f\x3futilspatched.cpp that can be triggered via a crafted X3F file...

CVSS 5.5, AI score 6, EPSS 0.00029
Exploits 1, References 2
Amazon
added 2026/04/30 12:0 a.m., 3 views

Important: LibRaw

Issue Overview: A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. CVE-2026-20889 A heap-base...

CVSS 9.8, AI score 5.9, EPSS 0.00078
Exploits 2
Tenable Nessus
added 2026/04/30 12:0 a.m., 1 views

RockyLinux 9 : LibRaw (RLSA-2026:11360)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11360 advisory. LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file CVE-2026-24450 LibRaw: LibRaw: Arbitrary code execution via heap-based...

CVSS 9.8, AI score 6.5, EPSS 0.00078
Exploits 2, References 5
Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-015465)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015465 advisory. In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag...

CVSS 9.1, AI score 4.6, EPSS 0.00063
Exploits 0, References 4
Talos Blog
added 2026/04/16 7:0 p.m., 3 views

Foxit, LibRaw vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability...

CVSS 9.8, AI score 6.6, EPSS 0.00078
Exploits 5
SUSE CVE
added 2026/04/08 11:29 p.m., 1 views

SUSE CVE-2026-20911

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.5, AI score 6.2, EPSS 0.00078
Exploits 1, References 7
RedhatCVE
added 2026/04/08 4:53 p.m., 0 views

CVE-2026-20884

A flaw was found in LibRaw. An integer overflow vulnerability in the deflatedngloadraw functionality allows a remote attacker to provide a specially crafted malicious file. This can lead to a heap buffer overflow, potentially resulting in arbitrary code execution. Mitigation This vulnerability ca...

CVSS 9.8, AI score 6.4, EPSS 0.00078
Exploits 1, References 5
RedhatCVE
added 2026/04/07 8:49 p.m., 2 views

CVE-2026-20911

A flaw was found in LibRaw. A remote attacker can exploit a heap-based buffer overflow vulnerability in the HuffTable::initval functionality by providing a specially crafted malicious file. This can lead to arbitrary code execution or a denial of service (DoS) on the affected system. Mitigation...

CVSS 9.8, AI score 6.6, EPSS 0.00078
Exploits 1, References 4
Snyk
added 2026/04/07 4:15 p.m., 2 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the losslessjpegloadraw function. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted file. Remediation Upgrade libraw to version 0.22.1 or higher...

CVSS 9.8, AI score 6.1, EPSS 0.00078
Exploits 1, References 2
OSV
added 2026/04/07 3:17 p.m., 0 views

UBUNTU-CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8, AI score 6.2, EPSS 0.00078
Exploits 1, References 5
AlpineLinux
added 2026/04/07 1:49 p.m., 3 views

CVE-2026-20911

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8, AI score 6.2, EPSS 0.00078
Exploits 1
Tenable Nessus
added 2026/04/07 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-24450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability exists in the uncompressedfpdngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to ...

CVSS 9.8, AI score 6.4, EPSS 0.00078
Exploits 1, References 4