Skip to main content

Libraw EUVDEUVD-2026-19628

| CVE-2026-24660 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-04-07 talos GHSA-6mmg-qj2r-7jcf
8.1
CVSS 3.1 · Vendor: talos
Share

Severity by source

Vendor (talos) PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
7.5 HIGH
qualitative

Primary rating from Vendor (talos).

CVSS VectorVendor: talos

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Apr 09, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 07, 2026 - 14:30 euvd
EUVD-2026-19628
Analysis Generated
Apr 07, 2026 - 14:30 vuln.today
CVE Published
Apr 07, 2026 - 13:49 nvd
HIGH 8.1

DescriptionCVE.org

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

AnalysisAI

Heap buffer overflow in LibRaw's x3f_load_huffman function (commit d20315b) allows remote attackers to achieve arbitrary code execution via malicious X3F image files. The vulnerability stems from an integer overflow (CWE-190) leading to heap corruption. CVSS 8.1 reflects high impact across confidentiality, integrity, and availability, though attack complexity is rated high. EPSS data not available; no CISA KEV listing indicates no confirmed active exploitation at time of analysis. Reported by Cisco Talos (TALOS-2026-2359), affecting LibRaw's Sigma X3F raw image parsing functionality.

Technical ContextAI

LibRaw is an open-source library for reading and processing raw image files from digital cameras, widely used in photo editing applications and image processing pipelines. The vulnerability resides in the x3f_load_huffman function responsible for parsing Huffman-encoded data within Sigma's proprietary X3F raw image format. The root cause is an integer overflow (CWE-190) during size calculations when processing Huffman table parameters from the X3F file structure. This overflow causes allocation of an insufficiently sized heap buffer, which is subsequently overflowed during data decompression or table population. The affected CPE (cpe:2.3:a:libraw:libraw) indicates the core LibRaw library itself is vulnerable, impacting any application that processes untrusted X3F files through LibRaw's parsing routines. The specific commit reference (d20315b) suggests this is a development-branch vulnerability that may affect recent unstable versions or pre-release code.

RemediationAI

Primary remediation requires updating LibRaw to a patched version that addresses the integer overflow in x3f_load_huffman. Organizations should monitor the LibRaw GitHub repository and the Cisco Talos advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359 for official patch releases and specific fixed version numbers. Until patches are available, implement defense-in-depth controls including disabling X3F format support if not operationally required, implementing file format validation before LibRaw processing, running image processing in sandboxed or containerized environments with limited privileges, and deploying memory corruption mitigations (ASLR, DEP/NX) on systems using LibRaw. For critical environments processing untrusted images, consider temporarily blocking X3F file uploads or switching to alternative raw processing libraries until patches are deployed. Application developers embedding LibRaw should review their integration for opportunities to validate file structure integrity before passing data to vulnerable parsing functions. Monitor LibRaw security advisories and CVE updates for release of fixed versions, then prioritize testing and deployment based on your environment's exposure to untrusted X3F files.

More in Libraw

View all
CVE-2018-20337 HIGH POC
8.8 Dec 21

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Rated high

CVE-2013-2126 HIGH POC
7.5 Aug 14

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow cont

CVE-2020-24889 HIGH POC
7.8 Sep 16

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp

CVE-2013-2127 HIGH POC
7.5 Aug 14

Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a de

CVE-2023-1729 MEDIUM POC
6.5 May 15

A flaw was found in LibRaw. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenticat

CVE-2020-15365 MEDIUM POC
6.5 Jun 28

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomNam

CVE-2018-20365 MEDIUM POC
6.5 Dec 22

LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerabi

CVE-2018-20364 MEDIUM POC
6.5 Dec 22

LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. Rated medium severity (CVSS 6.5),

CVE-2018-20363 MEDIUM POC
6.5 Dec 22

LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. Rated medium severity (CVSS 6.5), t

CVE-2017-14265 CRITICAL
9.8 Sep 11

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3.

CVE-2017-6886 CRITICAL
9.8 May 16

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be expl

CVE-2026-20911 CRITICAL
9.8 Apr 07

Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve ar

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

EUVD-2026-19628 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy