CVE-2026-21413
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk50th percentile - higher than 50% of all known CVEs
Summary
A heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw function of the LibRaw library. A specially crafted malicious file can cause a heap buffer overflow.
Risk Assessment
An attacker can provide a malicious file, potentially leading to arbitrary code execution or application crash in image processing software.
Recommendation
It is recommended to immediately update the LibRaw library to a patched version or apply available security fixes.
Original NVD description (English source)
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

