A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
The vulnerability results from improper input data validation (CWE-129 — improper validation of array index) during the loading of lossless JPEG data in the lossless_jpeg_load_raw function. An attacker provides a specially crafted file that causes a heap buffer overflow. No authentication or user interaction beyond opening the file is required — the attack vector is network-based, without the need for special privileges.
Successful exploitation of the vulnerability can lead to arbitrary code execution in the context of the file processing process (RCE), as well as violations of system confidentiality, integrity, and availability. An attacker can gain full control over the vulnerable application.
Patches available from the vendor should be applied according to the references. It is recommended to update LibRaw to a version containing the fix described in the Cisco Talos report TALOS-2026-2331. Until the patch is applied, it is advisable to restrict processing of untrusted RAW files and isolate applications using the LibRaw library.
LibRaw commit 0b56545 and commit d20315b — versions indicated in vendor references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLibraw
APPLibraw0.22.00.22.1
Related vulnerabilities
Przepełnienie bufora sterty w LibRaw — funkcja HuffTable::initval
LibRaw: przepełnienie bufora sterty w x3f_thumb_loader
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers t...
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly ex...
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcra...