Libraw
Monthly
Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve arbitrary code execution via malformed image files. Affects LibRaw commits 0b56545 and d20315b with CVSS 9.8 critical severity. Attack requires no user interaction beyond processing a malicious file. No public exploit identified at time of analysis, though technical details from Cisco Talos suggest proof-of-concept exists. EPSS data not available, but the combination of network-accessible attack vector, low complexity, and no authentication barrier represents significant risk for applications processing untrusted image files.
Heap-based buffer overflow in LibRaw's lossless JPEG processing (commits 0b56545 and d20315b) allows unauthenticated remote attackers to achieve arbitrary code execution by providing a malicious image file. The vulnerability scores CVSS 9.8 (Critical) with network attack vector, low complexity, and no authentication required. No CISA KEV listing or public exploit identified at time of analysis, though Talos Intelligence has published detailed vulnerability research (TALOS-2026-2331).
Heap-based buffer overflow in LibRaw's x3f_thumb_loader function allows remote code execution via malformed image files. The vulnerability affects LibRaw commit d20315b, a widely-used raw image processing library integrated into applications like ImageMagick, GIMP, and numerous photo management tools. The CVSS 9.8 critical rating reflects network-exploitable conditions requiring no authentication or user interaction. With an EPSS score not yet available and no CISA KEV listing, active exploitation is not confirmed at time of analysis, though the attack complexity is low and requires only delivering a specially crafted file to vulnerable processing workflows.
Heap buffer overflow in LibRaw's x3f_load_huffman function (commit d20315b) allows remote attackers to achieve arbitrary code execution via malicious X3F image files. The vulnerability stems from an integer overflow (CWE-190) leading to heap corruption. CVSS 8.1 reflects high impact across confidentiality, integrity, and availability, though attack complexity is rated high. EPSS data not available; no CISA KEV listing indicates no confirmed active exploitation at time of analysis. Reported by Cisco Talos (TALOS-2026-2359), affecting LibRaw's Sigma X3F raw image parsing functionality.
Heap buffer overflow in LibRaw's DNG image processing (commit 8dc68e2) enables remote code execution when parsing maliciously crafted uncompressed floating-point DNG files. The vulnerability stems from an integer overflow in uncompressed_fp_dng_load_raw that miscalculates buffer sizes, allowing network-based attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). No public exploit identified at time of analysis, though Cisco Talos has published technical details. Authentication requirements not confirmed from available data, but CVSS vector indicates no privileges required (PR:N).
Integer overflow in LibRaw's deflate_dng_load_raw function (commit 8dc68e2) enables remote heap buffer overflow via crafted DNG image files, allowing potential code execution without authentication. With CVSS 8.1 and network-accessible attack vector requiring no user interaction, this represents significant risk for applications processing untrusted DNG files. EPSS data not available; no public exploit identified at time of analysis.
Out-of-bounds read in LibRaw up to 0.22.0 allows remote unauthenticated attackers to cause denial of service via manipulation of load_flags or raw_width parameters in the TIFF/NEF decoder (nikon_load_padded_packed_raw function). Publicly available exploit code exists, and vendor-released patch version 0.22.1 is available. CVSS 5.3 with low availability impact and confirmed exploit publication indicates moderate real-world risk.
Out-of-bounds write in LibRaw's JPEG DHT parser (HuffTable::initval function) allows unauthenticated remote attackers to trigger a denial of service via malformed JPEG image files. LibRaw versions up to 0.22.0 are affected; publicly available exploit code exists. CVSS 4.3 (low severity) reflects denial-of-service impact only, with low attack complexity and no authentication required. Vendor-released patch available in version 0.22.1.
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
Heap-based buffer overflow in LibRaw's HuffTable::initval function allows unauthenticated remote attackers to achieve arbitrary code execution via malformed image files. Affects LibRaw commits 0b56545 and d20315b with CVSS 9.8 critical severity. Attack requires no user interaction beyond processing a malicious file. No public exploit identified at time of analysis, though technical details from Cisco Talos suggest proof-of-concept exists. EPSS data not available, but the combination of network-accessible attack vector, low complexity, and no authentication barrier represents significant risk for applications processing untrusted image files.
Heap-based buffer overflow in LibRaw's lossless JPEG processing (commits 0b56545 and d20315b) allows unauthenticated remote attackers to achieve arbitrary code execution by providing a malicious image file. The vulnerability scores CVSS 9.8 (Critical) with network attack vector, low complexity, and no authentication required. No CISA KEV listing or public exploit identified at time of analysis, though Talos Intelligence has published detailed vulnerability research (TALOS-2026-2331).
Heap-based buffer overflow in LibRaw's x3f_thumb_loader function allows remote code execution via malformed image files. The vulnerability affects LibRaw commit d20315b, a widely-used raw image processing library integrated into applications like ImageMagick, GIMP, and numerous photo management tools. The CVSS 9.8 critical rating reflects network-exploitable conditions requiring no authentication or user interaction. With an EPSS score not yet available and no CISA KEV listing, active exploitation is not confirmed at time of analysis, though the attack complexity is low and requires only delivering a specially crafted file to vulnerable processing workflows.
Heap buffer overflow in LibRaw's x3f_load_huffman function (commit d20315b) allows remote attackers to achieve arbitrary code execution via malicious X3F image files. The vulnerability stems from an integer overflow (CWE-190) leading to heap corruption. CVSS 8.1 reflects high impact across confidentiality, integrity, and availability, though attack complexity is rated high. EPSS data not available; no CISA KEV listing indicates no confirmed active exploitation at time of analysis. Reported by Cisco Talos (TALOS-2026-2359), affecting LibRaw's Sigma X3F raw image parsing functionality.
Heap buffer overflow in LibRaw's DNG image processing (commit 8dc68e2) enables remote code execution when parsing maliciously crafted uncompressed floating-point DNG files. The vulnerability stems from an integer overflow in uncompressed_fp_dng_load_raw that miscalculates buffer sizes, allowing network-based attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). No public exploit identified at time of analysis, though Cisco Talos has published technical details. Authentication requirements not confirmed from available data, but CVSS vector indicates no privileges required (PR:N).
Integer overflow in LibRaw's deflate_dng_load_raw function (commit 8dc68e2) enables remote heap buffer overflow via crafted DNG image files, allowing potential code execution without authentication. With CVSS 8.1 and network-accessible attack vector requiring no user interaction, this represents significant risk for applications processing untrusted DNG files. EPSS data not available; no public exploit identified at time of analysis.
Out-of-bounds read in LibRaw up to 0.22.0 allows remote unauthenticated attackers to cause denial of service via manipulation of load_flags or raw_width parameters in the TIFF/NEF decoder (nikon_load_padded_packed_raw function). Publicly available exploit code exists, and vendor-released patch version 0.22.1 is available. CVSS 5.3 with low availability impact and confirmed exploit publication indicates moderate real-world risk.
Out-of-bounds write in LibRaw's JPEG DHT parser (HuffTable::initval function) allows unauthenticated remote attackers to trigger a denial of service via malformed JPEG image files. LibRaw versions up to 0.22.0 are affected; publicly available exploit code exists. CVSS 4.3 (low severity) reflects denial-of-service impact only, with low attack complexity and no authentication required. Vendor-released patch available in version 0.22.1.
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.