CVE Catalog

CVE-2026-21413

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.75%

50th percentile - higher than 50% of all known CVEs

Summary

A heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw function of the LibRaw library. A specially crafted malicious file can cause a heap buffer overflow.

Risk Assessment

An attacker can provide a malicious file, potentially leading to arbitrary code execution or application crash in image processing software.

Recommendation

It is recommended to immediately update the LibRaw library to a patched version or apply available security fixes.

Original NVD description (English source)

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS