EUVD-2026-19620
GHSA-9m8r-gj3p-r7rw
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
AnalysisAI
Heap-based buffer overflow in LibRaw's x3f_thumb_loader function allows remote code execution via malformed image files. The vulnerability affects LibRaw commit d20315b, a widely-used raw image processing library integrated into applications like ImageMagick, GIMP, and numerous photo management tools. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all systems running ImageMagick, GIMP, and photo management tools dependent on LibRaw; disable or restrict access to image processing services accepting untrusted external files. Within 7 days: Implement input validation to reject malformed x3f and other raw image formats from external sources; apply network segmentation to isolate image processing services. …
Sign in for detailed remediation steps.
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today