CRITICAL🇵🇱 Wersja polska

CVE-2026-21413

CVSS 9.8v3.1pub. 2026-04-07upd. 2026-06-30

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

🤖 AI Analysis
How it works

The vulnerability results from improper input data validation (CWE-129 — improper validation of array index) during the loading of lossless JPEG data in the lossless_jpeg_load_raw function. An attacker provides a specially crafted file that causes a heap buffer overflow. No authentication or user interaction beyond opening the file is required — the attack vector is network-based, without the need for special privileges.

Impact

Successful exploitation of the vulnerability can lead to arbitrary code execution in the context of the file processing process (RCE), as well as violations of system confidentiality, integrity, and availability. An attacker can gain full control over the vulnerable application.

Mitigation & patch

Patches available from the vendor should be applied according to the references. It is recommended to update LibRaw to a version containing the fix described in the Cisco Talos report TALOS-2026-2331. Until the patch is applied, it is advisable to restrict processing of untrusted RAW files and isolate applications using the LibRaw library.

Who is affected

LibRaw commit 0b56545 and commit d20315b — versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Libraw

    APP
    Libraw
    0.22.00.22.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-20911CRITICAL9.8PL ✓ten sam produkt

Przepełnienie bufora sterty w LibRaw — funkcja HuffTable::initval

CVE-2026-20889CRITICAL9.8PL ✓ten sam produkt

LibRaw: przepełnienie bufora sterty w x3f_thumb_loader

CVE-2015-8366CRITICAL9.8ten sam produkt

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers t...

CVE-2015-8367CRITICAL9.8ten sam produkt

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly ex...

CVE-2017-14608CRITICAL9.1ten sam produkt

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcra...