Skip to main content

Libraw CVE-2026-20884

| EUVDEUVD-2026-19618 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-04-07 talos
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
7.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Apr 09, 2026 - 14:30 nvd
Patch available
EUVD ID Assigned
Apr 07, 2026 - 14:30 euvd
EUVD-2026-19618
Analysis Generated
Apr 07, 2026 - 14:30 vuln.today
CVE Published
Apr 07, 2026 - 13:49 nvd
HIGH 8.1

DescriptionCVE.org

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

AnalysisAI

Integer overflow in LibRaw's deflate_dng_load_raw function (commit 8dc68e2) enables remote heap buffer overflow via crafted DNG image files, allowing potential code execution without authentication. With CVSS 8.1 and network-accessible attack vector requiring no user interaction, this represents significant risk for applications processing untrusted DNG files. EPSS data not available; no public exploit identified at time of analysis.

Technical ContextAI

LibRaw is a widely-used open-source library for reading RAW image files from digital cameras, commonly integrated into image processing applications, photo management software, and content management systems. The vulnerability resides in the deflate_dng_load_raw function responsible for processing Adobe DNG (Digital Negative) format files with deflate compression. The root cause is an integer overflow (CWE-190) during size calculations when parsing malformed DNG metadata, which causes subsequent memory allocation to be undersized. When the library attempts to decompress image data into this insufficiently allocated buffer, a heap buffer overflow occurs, potentially corrupting adjacent memory structures. The CPE identifier cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:* indicates the vulnerability affects the LibRaw library itself, meaning all applications statically or dynamically linking this library version are potentially vulnerable. The deflate compression handling in DNG files involves complex integer arithmetic for calculating decompressed buffer sizes, making it susceptible to wraparound conditions when processing attacker-controlled dimension and compression parameters.

RemediationAI

Organizations should immediately update LibRaw to a version containing the fix for commit 8dc68e2 vulnerability once the vendor releases a patched version. Monitor the official LibRaw GitHub repository at https://github.com/LibRaw/LibRaw for security patches and release announcements. Until patches are available and deployed, implement defense-in-depth controls including: restrict DNG file processing to trusted sources only, deploy application sandboxing or containerization to limit exploit impact, implement file validation and sanitization before passing to LibRaw, and consider disabling DNG format support in non-essential workflows. For server-side applications, deploy web application firewalls or input validation to block suspicious DNG files, run image processing in isolated worker processes with minimal privileges, and enable address space layout randomization (ASLR) and data execution prevention (DEP) at the operating system level. Review Cisco Talos advisory TALOS-2026-2364 at https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364 for additional technical indicators and detection guidance. Applications that cannot be immediately patched should implement strict input validation rejecting DNG files with anomalous compression parameters or dimension values that could trigger integer overflow conditions. Security teams should test patches in staging environments before production deployment to ensure compatibility with existing image processing workflows.

More in Libraw

View all
CVE-2018-20337 HIGH POC
8.8 Dec 21

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Rated high

CVE-2013-2126 HIGH POC
7.5 Aug 14

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow cont

CVE-2020-24889 HIGH POC
7.8 Sep 16

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp

CVE-2013-2127 HIGH POC
7.5 Aug 14

Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a de

CVE-2023-1729 MEDIUM POC
6.5 May 15

A flaw was found in LibRaw. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenticat

CVE-2020-15365 MEDIUM POC
6.5 Jun 28

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomNam

CVE-2018-20365 MEDIUM POC
6.5 Dec 22

LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerabi

CVE-2018-20364 MEDIUM POC
6.5 Dec 22

LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. Rated medium severity (CVSS 6.5),

CVE-2018-20363 MEDIUM POC
6.5 Dec 22

LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. Rated medium severity (CVSS 6.5), t

CVE-2017-14265 CRITICAL
9.8 Sep 11

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3.

CVE-2017-6886 CRITICAL
9.8 May 16

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be expl

CVE-2026-20911 CRITICAL
9.8 Apr 07

Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve ar

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-20884 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy