A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
The vulnerability results from an integer overflow error (CWE-190) in the x3f_thumb_loader function, which leads to a heap buffer overflow. An attacker provides a specially crafted input file that, when processed by LibRaw, causes the reserved memory area boundaries to be exceeded. As a result, it is possible to overwrite adjacent heap areas, which may lead to execution of code controlled by the attacker.
An attacker can trigger arbitrary code execution (RCE) in the context of an application using LibRaw, as well as breach data confidentiality and integrity or cause system unavailability.
Patches available from the vendor should be applied according to the references (https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358). It is also recommended to avoid processing image files from untrusted sources until the patch is deployed.
LibRaw in the version corresponding to commit d20315b; detailed information about affected versions is provided in the vendor's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLibraw
APPLibraw0.22.0
Related vulnerabilities
Heap buffer overflow w LibRaw — funkcja lossless_jpeg_load_raw
Przepełnienie bufora sterty w LibRaw — funkcja HuffTable::initval
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers t...
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly ex...
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcra...