CVE Catalog

CVE-2026-20911

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile - higher than 39% of all known CVEs

Summary

A heap-based buffer overflow vulnerability in the HuffTable::initval function of LibRaw. A specially crafted malicious file can cause a heap buffer overflow, potentially allowing an attacker to execute arbitrary code or crash the application.

Risk Assessment

An attacker can provide a malicious file to an application using LibRaw, potentially leading to system compromise or denial of service.

Recommendation

Immediately update LibRaw to a patched version or apply available security fixes. Restrict processing of untrusted RAW files.

Original NVD description (English source)

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS