CVE-2026-20911
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk39th percentile - higher than 39% of all known CVEs
Summary
A heap-based buffer overflow vulnerability in the HuffTable::initval function of LibRaw. A specially crafted malicious file can cause a heap buffer overflow, potentially allowing an attacker to execute arbitrary code or crash the application.
Risk Assessment
An attacker can provide a malicious file to an application using LibRaw, potentially leading to system compromise or denial of service.
Recommendation
Immediately update LibRaw to a patched version or apply available security fixes. Restrict processing of untrusted RAW files.
Original NVD description (English source)
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

