EUVD-2026-19622
GHSA-rc49-6x7v-hf76
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Tags
Description
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Analysis
Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve arbitrary code execution via malformed image files. Affects LibRaw commits 0b56545 and d20315b with CVSS 9.8 critical severity. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems and applications using LibRaw and document which commits (0b56545, d20315b) are present; restrict image file processing to trusted sources only and disable automatic image preview/processing features where feasible. Within 7 days: Contact LibRaw maintainers for patched version availability; implement file validation and sandboxing for any image processing workflows. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today