EUVD-2026-19618CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Analysis
Integer overflow in LibRaw's deflate_dng_load_raw function (commit 8dc68e2) enables remote heap buffer overflow via crafted DNG image files, allowing potential code execution without authentication. With CVSS 8.1 and network-accessible attack vector requiring no user interaction, this represents significant risk for applications processing untrusted DNG files. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all internal applications and services using LibRaw (check build manifests, dependencies, and software inventories; focus on customer-facing image processing). Within 7 days: Implement network isolation for affected systems and disable DNG file upload functionality if possible; implement strict file validation rejecting any DNG files from untrusted sources. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today