Fluid Attacks Database

Description

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel8	LibRaw	<0:0.19.5-6.el8_10	0:0.19.5-6.el8_10
rpm rhel7	libraw1394	-	-
rpm rhel6	libraw1394	-	-
debian 11	libraw	=0.20.2-1 \|\| =0.20.2-1+deb11u1 \|\| =0.20.2-1+deb11u2 \|\| =0.20.2-2 \|\| =0.20.2-2.1 \|\| =0.21.1-1 \|\| =0.21.1-2 \|\| =0.21.1-3 \|\| =0.21.1-4 \|\| =0.21.1-5 \|\| =0.21.1-6 \|\| =0.21.1-7 \|\| =0.21.2-1 \|\| =0.21.2-2 \|\| =0.21.2-2.1 \|\| =0.21.2-2.1~exp1 \|\| =0.21.3-1 \|\| =0.21.4-1 \|\| =0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2	-
rpm rhel7	LibRaw	-	-
rpm rhel8	libraw1394	-	-
debian 14	libraw	=0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2 \|\| >=0 <0.22.1-1	0.22.1-1
debian 13	libraw	=0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2	-
debian 12	libraw	=0.20.2-2.1 \|\| =0.20.2-2.1+deb12u1 \|\| =0.21.1-1 \|\| =0.21.1-2 \|\| =0.21.1-3 \|\| =0.21.1-4 \|\| =0.21.1-5 \|\| =0.21.1-6 \|\| =0.21.1-7 \|\| =0.21.2-1 \|\| =0.21.2-2 \|\| =0.21.2-2.1 \|\| =0.21.2-2.1~exp1 \|\| =0.21.3-1 \|\| =0.21.4-1 \|\| =0.21.4-2 \|\| =0.21.4-3~exp1 \|\| =0.21.4-3~exp2 \|\| =0.21.5b-1 \|\| =0.22.0-1~exp1 \|\| =0.22.1-1 \|\| =0.22.1-1~exp1 \|\| =0.22.1-1~exp2	-
rpm rhel8.4	LibRaw	<0:0.19.5-2.el8_4.2	0:0.19.5-2.el8_4.2

Aliases

1. CVE-2026-246602. NVD-2026-246603. OSV-2026-246604. OSV-DEBIAN-2026-246605. SECURITY-TRACKER-CVE-2026-24660

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.