Debian Libraw vulnerabilities

65 known vulnerabilities affecting debian/libraw.

Total CVEs: 65
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 19, MEDIUM 21, LOW 18

Vulnerabilities

Page 1 of 4
CVE-2026-20911 | CRITICAL | CVSS 9.8 | 2026 | debian
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open

CVE-2026-20889 | CRITICAL | CVSS 9.8 | 2026 | debian
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open

CVE-2026-21413 | CRITICAL | CVSS 9.8 | 2026 | debian
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open

CVE-2026-24660 | HIGH | CVSS 8.1 | 2026 | debian
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open

CVE-2026-24450 | HIGH | CVSS 8.1 | 2026 | debian
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open

CVE-2026-20884 | HIGH | CVSS 8.1 | 2026 | debian
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open

CVE-2026-5318 | MEDIUM | CVSS 5.3 | 2026 | debian
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for

CVE-2026-5342 | MEDIUM | CVSS 5.5 | 2026 | debian
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used.

CVE-2025-43961 | LOW | CVSS 2.9 | fixed in libraw 0.20.2-2.1+deb12u1 (bookworm) | 2025 | debian
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
Scope: local
bookworm: resolved (fixed in 0.20.2-2.1+deb12u1); bullseye: resolved (fixed in 0.20.2-1+deb11u2); forky: resolved (fixed in 0.21.4-1); sid: resolved (fixed in 0.21.4-1); trixie: resolved (fixed in 0.21.4-1)

CVE-2025-43962 | LOW | CVSS 2.9 | fixed in libraw 0.20.2-2.1+deb12u1 (bookworm) | 2025 | debian
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
Scope: local
bookworm: resolved (fixed in 0.20.2-2.1+deb12u1); bullseye: resolved (fixed in 0.20.2-1+deb11u2); forky: resolved (fixed in 0.21.4-1); sid: resolved (fixed in 0.21.4-1); t

CVE-2025-43963 | LOW | CVSS 2.9 | fixed in libraw 0.20.2-2.1+deb12u1 (bookworm) | 2025 | debian
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
Scope: local
bookworm: resolved (fixed in 0.20.2-2.1+deb12u1); bullseye: resolved (fixed in 0.20.2-1+deb11u2); forky: resolved (fixed in 0.21.4-1); sid: resolved (fixed in 0.21.4-1); trixie: re

CVE-2025-43964 | LOW | CVSS 2.9 | fixed in libraw 0.20.2-2.1+deb12u1 (bookworm) | 2025 | debian
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
Scope: local
bookworm: resolved (fixed in 0.20.2-2.1+deb12u1); bullseye: resolved (fixed in 0.20.2-1+deb11u2); forky: resolved (fixed in 0.21.4-1); sid: resolved (fixed in 0.21.4-1); trixie: resolved (fixed in 0.21.4-1)

CVE-2023-1729 | MEDIUM | CVSS 6.5 | fixed in libraw 0.20.2-2.1 (bookworm) | 2023 | debian
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
Scope: local
bookworm: resolved (fixed in 0.20.2-2.1); bullseye: resolved (fixed in 0.20.2-1+deb11u1); forky: resolved (fixed in 0.20.2-2.1); sid: resolved (fixed in 0.20.2-2.1); trixie: resolved (fixed in 0.20.2-2.1)

CVE-2021-32142 | HIGH | CVSS 7.8 | fixed in libraw 0.20.2-2.1 (bookworm) | 2021 | debian
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
Scope: local
bookworm: resolved (fixed in 0.20.2-2.1); bullseye: resolved (fixed in 0.20.2-1+deb11u1); forky: resolved (fixed in 0.20.2-2.1); sid: resolved (fixed in 0.20.2-2.1); tri

CVE-2020-24870 | HIGH | CVSS 8.8 | fixed in libraw 0.20.2-1 (bookworm) | 2020 | debian
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
Scope: local
bookworm: resolved (fixed in 0.20.2-1); bullseye: resolved (fixed in 0.20.2-1); forky: resolved (fixed in 0.20.2-1); sid: resolved (fixed in 0.20.2-1); trixie: resolved (fixed in 0.20.2-1)

CVE-2020-15503 | HIGH | CVSS 7.5 | fixed in libraw 0.20.0-4 (bookworm) | 2020 | debian
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Scope: local
bookworm: resolved (fixed in 0.20.0-4); bullseye: resolved (fixed in 0.20.0-4); forky: resolved (fixe

CVE-2020-24889 | HIGH | CVSS 7.8 | fixed in libraw 0.20.2-1 (bookworm) | 2020 | debian
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 0.20.2-1); bullseye: resolved (fixed in 0.20.2-1); forky: resolved (fixed in 0.20.2-1); sid: resolved (fixed in 0.20.2-1); trixie: resolved (fixed in 0.20.

CVE-2020-35534 | MEDIUM | CVSS 5.5 | fixed in libraw 0.20.0-4 (bookworm) | 2020 | debian
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.
Scope: local
bookworm: resolved (fixed in 0.20.0-4); bullseye: resolved (fixed in 0.20.0-4); forky: resolved (fixed in 0.20.0-4); sid: resolved (fixed in 0.20.0-4); trixie: resolved (fixed in 0.20.0-4)

CVE-2020-35532 | MEDIUM | CVSS 5.5 | fixed in libraw 0.20.0-4 (bookworm) | 2020 | debian
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
Scope: local
bookworm: resolved (fixed in 0.20.0-4); bullseye: resolved (fixed in 0.20.0-4); forky: resolved (fixed in 0.20.0-4); sid: resolved (fixed in 0.20.0-4); trix

CVE-2020-35530 | MEDIUM | CVSS 5.5 | fixed in libraw 0.20.0-4 (bookworm) | 2020 | debian
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
Scope: local
bookworm: resolved (fixed in 0.20.0-4); bullseye: resolved (fixed in 0.20.0-4); forky: resolved (fixed in 0.20.0-4); sid: resolved (fixed in 0.20.0-4); trixie: resolved (fixed in 0.20