Fluid Attacks Database

Description

Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	rawtherapee	=5.11-2 \|\| =5.12-1 \|\| =5.12-2	-
debian 14	rawtherapee	=5.11-2 \|\| >=0 <5.12-1	5.12-1
debian 12	rawtherapee	=5.10-1 \|\| =5.11-1 \|\| =5.11-2 \|\| =5.12-1 \|\| =5.12-2 \|\| =5.9-1 \|\| =5.9-2	-
debian 11	rawtherapee	=5.10-1 \|\| =5.11-1 \|\| =5.11-2 \|\| =5.12-1 \|\| =5.12-2 \|\| =5.8-3 \|\| =5.8-4 \|\| =5.9-1 \|\| =5.9-2	-

Aliases

1. CVE-2026-248082. NVD-2026-248083. OSV-DEBIAN-2026-248084. OSV-2026-248085. SECURITY-TRACKER-CVE-2026-24808

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.