CVE-2026-24450 — Integer Overflow or Wraparound in Libraw
Severity
9.8CRITICALNVD
EPSS
0.1%
top 83.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 7
Latest updateApr 16
Description
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages3 packages
🔴Vulnerability Details
2📋Vendor Advisories
2🕵️Threat Intelligence
2💬Community
9Bugzilla▶
CVE-2026-24450 digikam: LibRaw: Arbitrary code execution via a specially crafted malicious file [fedora-all]↗2026-04-07
Bugzilla▶
CVE-2026-24450 mingw-LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file [fedora-all]↗2026-04-07
Bugzilla▶
CVE-2026-24450 digikam: LibRaw: Arbitrary code execution via a specially crafted malicious file [epel-all]↗2026-04-07
Bugzilla▶
CVE-2026-24450 LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file [fedora-all]↗2026-04-07
Bugzilla▶
CVE-2026-24450 darktable: LibRaw: Arbitrary code execution via a specially crafted malicious file [fedora-all]↗2026-04-07