CVE-2026-24808 — Integer Overflow or Wraparound in Rawtherapee

CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

8.3HIGHNVD

EPSS

0.0%

top 94.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rawtherapee Debian Rawtherapee

Timeline

PublishedJan 27

Description

Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:P

Affected Packages3 packages

▶debiandebian/rawtherapee< rawtherapee 5.12-1 (forky)

▶Debianrawtherapee/rawtherapee< 5.12-1

▶CVEListV5rawtherapee/rawtherapee5.11

🔴Vulnerability Details

OSV

CVE-2026-24808: Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules)↗2026-01-27

▶

GHSA

GHSA-v546-jrfg-ph8q: Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules)↗2026-01-27

▶

📋Vendor Advisories

Debian

CVE-2026-24808: rawtherapee - Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). ...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24808 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶