Foxit, LibRaw vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco 's third-party vulnerability...

OPENSUSE-SU-2026:10565-1 libraw-devel-0.22.1-1.1 on GA media

These are all security issues fixed in the libraw-devel-0.22.1-1.1 package on the GA media of openSUSE Tumbleweed...

[SECURITY] Fedora 44 Update: luminance-hdr-2.6.1.1-89.fc44

Luminance HDR is a graphical user interface based on the Qt5 toolkit that provides a complete workflow for HDR imaging. Supported HDR formats: =E2=80=A2 OpenEXR extension: exr =E2=80=A2 Radiance RGBE extension: hdr =E2=80=A2 Tiff formats: 16bit, 32bit float and LogLuv extension: tiff =E2=80=A2 Ra...

[SECURITY] Fedora 44 Update: libkdcraw-26.03.80-2.fc44

Libkdcraw is a C++ interface around LibRaw library used to decode RAW picture files. More information about LibRaw can be found at http://www.libraw.org...

[SECURITY] Fedora 44 Update: LibRaw-0.22.1-1.fc44

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future...

[SECURITY] Fedora 44 Update: libpasraw-1.3.0-22.fc44

Provides shared library to interface Pascal program with libraw...

[SECURITY] Fedora 44 Update: kf5-libkdcraw-23.08.5-7.fc44

Libkdcraw is a C++ interface around LibRaw library used to decode RAW picture files. More information about LibRaw can be found at http://www.libraw.org...

Fedora 44 : ImageMagick / LibRaw / OpenImageIO / OpenImageIO2.5 / etc (2026-bef0050737)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-bef0050737 advisory. LibRaw 0.22.1 and rebuilds ---- Release 3.1.12.0 Apr 1, 2026 -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other clean...

ROOT-OS-DEBIAN-13-CVE-2026-21413 CVE-2026-21413 in rootio-libraw - Patched by Root

Root has patched CVE-2026-21413 in the rootio-libraw package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2026-24660 CVE-2026-24660 in rootio-libraw - Patched by Root

Root has patched CVE-2026-24660 in the rootio-libraw package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2026-20911 CVE-2026-20911 in rootio-libraw - Patched by Root

Root has patched CVE-2026-20911 in the rootio-libraw package for Root:Debian:13. Multiple fixed versions available...

Fedora 45 : ImageMagick / LibRaw / OpenImageIO / OpenImageIO2.5 / etc (2026-ffba395f42)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-ffba395f42 advisory. LibRaw 0.22.1 and rebuilds. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...

NewStart CGSL MAIN 6.06 : LibRaw Multiple Vulnerabilities (NS-SA-2025-0242)

The remote NewStart CGSL host, running version MAIN 6.06, has LibRaw packages installed that are affected by multiple vulnerabilities: - The phaseonecorrect function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object...

SUSE CVE-2026-20884

An integer overflow vulnerability exists in the deflatedngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

SUSE CVE-2026-20889

A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

SUSE CVE-2026-20911

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

SUSE CVE-2026-21413

A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

SUSE CVE-2026-24450

An integer overflow vulnerability exists in the uncompressedfpdngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

SUSE CVE-2026-24660

A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2026-20884

A flaw was found in LibRaw. An integer overflow vulnerability in the deflatedngloadraw functionality allows a remote attacker to provide a specially crafted malicious file. This can lead to a heap buffer overflow, potentially resulting in arbitrary code execution. Mitigation This vulnerability ca...