A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
The vulnerability results from improper buffer size calculation (CWE-131) in the HuffTable::initval function of the LibRaw library. Processing a specially crafted malicious file (e.g., a RAW file from a digital camera) causes data to be written beyond the boundaries of allocated heap memory. The attack vector is network-based, requires no authentication or user interaction, which means that it is sufficient for an application using LibRaw to process the supplied file.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) in the context of an application using LibRaw, and may also lead to violations of system confidentiality, integrity, and availability.
Apply patches available from the vendor according to the references (Cisco Talos report TALOS-2026-2330). It is recommended to monitor official updates of the LibRaw repository and update to the version containing the fix immediately after its release.
LibRaw in versions corresponding to commits 0b56545 and d20315b; detailed information about versions is indicated in the vendor's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLibraw
APPLibraw0.22.00.22.1
Related vulnerabilities
Heap buffer overflow w LibRaw — funkcja lossless_jpeg_load_raw
LibRaw: przepełnienie bufora sterty w x3f_thumb_loader
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers t...
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly ex...
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcra...