CRITICAL🇵🇱 Wersja polska

CVE-2026-20889

CVSS 9.8v3.1pub. 2026-04-07upd. 2026-06-30

A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

🤖 AI Analysis
How it works

The vulnerability results from an integer overflow error (CWE-190) in the x3f_thumb_loader function, which leads to a heap buffer overflow. An attacker provides a specially crafted input file that, when processed by LibRaw, causes the reserved memory area boundaries to be exceeded. As a result, it is possible to overwrite adjacent heap areas, which may lead to execution of code controlled by the attacker.

Impact

An attacker can trigger arbitrary code execution (RCE) in the context of an application using LibRaw, as well as breach data confidentiality and integrity or cause system unavailability.

Mitigation & patch

Patches available from the vendor should be applied according to the references (https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358). It is also recommended to avoid processing image files from untrusted sources until the patch is deployed.

Who is affected

LibRaw in the version corresponding to commit d20315b; detailed information about affected versions is provided in the vendor's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Libraw

    APP
    Libraw
    0.22.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-21413CRITICAL9.8PL ✓ten sam produkt

Heap buffer overflow w LibRaw — funkcja lossless_jpeg_load_raw

CVE-2026-20911CRITICAL9.8PL ✓ten sam produkt

Przepełnienie bufora sterty w LibRaw — funkcja HuffTable::initval

CVE-2015-8366CRITICAL9.8ten sam produkt

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers t...

CVE-2015-8367CRITICAL9.8ten sam produkt

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly ex...

CVE-2017-14608CRITICAL9.1ten sam produkt

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcra...