CVE-2026-5318: Improper Restriction of Operations within the Bounds of a Memory Buffer in LibRaw

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.0% (top 92.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 2

Description

A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. Manipulation of the argument bits[] causes an out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages (1 package)

debian: debian/libraw

🔴Vulnerability Details (2)

GHSA: GHSA-8qw7-rqx6-9gqj: A weakness has been identified in LibRaw up to 0... (2026-04-02)
OSV: CVE-2026-5318: A weakness has been identified in LibRaw up to 0... (2026-04-02)

📋Vendor Advisories (3)

Red Hat: LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser (2026-04-02)
Oracle: Oracle Communications Risk Matrix: Security (libssh), CVE-2025-5318 (2026-01-15)
Debian: CVE-2026-5318: libraw - A weakness has been identified in LibRaw up to 0.22.0. This impacts the function... (2026)

🕵️Threat Intelligence (1)

Wiz: CVE-2026-5318 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community (2)

Bugzilla: CVE-2026-5318 mingw-LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all] (2026-04-02)
Bugzilla: CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all] (2026-04-02)