CVE Catalog

CVE-2026-20889

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.65%

46th percentile — higher than 46% of all known CVEs

Summary

A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader function of LibRaw (commit d20315b). A specially crafted malicious file can lead to a heap buffer overflow.

Risk Assessment

An attacker can provide a malicious file that, when processed by an application using LibRaw, causes a heap buffer overflow, potentially allowing arbitrary code execution or system destabilization.

Recommendation

Immediately update LibRaw to a version containing the fix after commit d20315b. Until updated, avoid processing untrusted RAW files.

Original NVD description (English source)

A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS