Fluid Attacks Database

Description

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libraw	=0.20.2-2.1 \|\| =0.20.2-2.1+deb12u1 \|\| =0.21.1-1 \|\| =0.21.1-2 \|\| =0.21.1-3 \|\| =0.21.1-4 \|\| =0.21.1-5 \|\| =0.21.1-6 \|\| =0.21.1-7 \|\| =0.21.2-1 \|\| =0.21.2-2 \|\| =0.21.2-2.1 \|\| =0.21.2-2.1~exp1 \|\| =0.21.3-1 \|\| =0.21.4-1 \|\| =0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2	-
rpm rhel8	LibRaw	<0:0.19.5-6.el8_10	0:0.19.5-6.el8_10
rpm rhel9	LibRaw	<0:0.21.1-2.el9_8	0:0.21.1-2.el9_8
rpm rhel8	libraw1394	-	-
debian 14	libraw	=0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2 \|\| >=0 <0.22.1-1	0.22.1-1
rpm rhel7	libraw1394	-	-
rpm rhel7	LibRaw	-	-
debian 11	libraw	=0.20.2-1 \|\| =0.20.2-1+deb11u1 \|\| =0.20.2-1+deb11u2 \|\| =0.20.2-2 \|\| =0.20.2-2.1 \|\| =0.21.1-1 \|\| =0.21.1-2 \|\| =0.21.1-3 \|\| =0.21.1-4 \|\| =0.21.1-5 \|\| =0.21.1-6 \|\| =0.21.1-7 \|\| =0.21.2-1 \|\| =0.21.2-2 \|\| =0.21.2-2.1 \|\| =0.21.2-2.1~exp1 \|\| =0.21.3-1 \|\| =0.21.4-1 \|\| =0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2	-
debian 13	libraw	=0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2	-
rpm rhel6	libraw1394	-	-

1-10 of 13

Aliases

1. CVE-2026-214132. NVD-2026-214133. OSV-DEBIAN-2026-214134. OSV-2026-214135. SECURITY-TRACKER-CVE-2026-21413

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.