CVE-2026-24660Integer Overflow or Wraparound in Libraw

CWE-190Integer Overflow or WraparoundCWE-120Classic Buffer Overflow16 documents8 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 83.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LibrawDebian Libraw
Timeline
PublishedApr 7
Latest updateApr 16

Description

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5libraw/librawCommit d20315b
NVDlibraw/libraw0.22.0
debiandebian/libraw

🔴Vulnerability Details

2
OSV
CVE-2026-24660: A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b2026-04-07
GHSA
GHSA-6mmg-qj2r-7jcf: A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b2026-04-07

📋Vendor Advisories

2
Red Hat
LibRaw: LibRaw: Memory Corruption via Malicious File Processing2026-04-07
Debian
CVE-2026-24660: libraw - A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functi...2026

🕵️Threat Intelligence

2
Talos
Foxit, LibRaw vulnerabilities2026-04-16
Wiz
CVE-2026-24660 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

9
Bugzilla
CVE-2026-24660 LibRaw: LibRaw: Memory Corruption via Malicious File Processing2026-04-07
Bugzilla
CVE-2026-24660 libraw1394: LibRaw: Memory Corruption via Malicious File Processing [fedora-all]2026-04-07
Bugzilla
CVE-2026-24660 mingw-LibRaw: LibRaw: Memory Corruption via Malicious File Processing [fedora-all]2026-04-07
Bugzilla
CVE-2026-24660 digikam: LibRaw: Memory Corruption via Malicious File Processing [epel-all]2026-04-07
Bugzilla
CVE-2026-24660 darktable: LibRaw: Memory Corruption via Malicious File Processing [fedora-all]2026-04-07