CRITICAL🇵🇱 Wersja polska

CVE-2026-20911

CVSS 9.8v3.1pub. 2026-04-07upd. 2026-06-30

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

🤖 AI Analysis
How it works

The vulnerability results from improper buffer size calculation (CWE-131) in the HuffTable::initval function of the LibRaw library. Processing a specially crafted malicious file (e.g., a RAW file from a digital camera) causes data to be written beyond the boundaries of allocated heap memory. The attack vector is network-based, requires no authentication or user interaction, which means that it is sufficient for an application using LibRaw to process the supplied file.

Impact

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) in the context of an application using LibRaw, and may also lead to violations of system confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to the references (Cisco Talos report TALOS-2026-2330). It is recommended to monitor official updates of the LibRaw repository and update to the version containing the fix immediately after its release.

Who is affected

LibRaw in versions corresponding to commits 0b56545 and d20315b; detailed information about versions is indicated in the vendor's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Libraw

    APP
    Libraw
    0.22.00.22.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-21413CRITICAL9.8PL ✓ten sam produkt

Heap buffer overflow w LibRaw — funkcja lossless_jpeg_load_raw

CVE-2026-20889CRITICAL9.8PL ✓ten sam produkt

LibRaw: przepełnienie bufora sterty w x3f_thumb_loader

CVE-2015-8366CRITICAL9.8ten sam produkt

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers t...

CVE-2015-8367CRITICAL9.8ten sam produkt

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly ex...

CVE-2017-14608CRITICAL9.1ten sam produkt

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcra...