Untriaged
Permalink
CVE-2026-5342
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.
References
-
VDB-354671 | LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds vdb-entrytechnical-description
-
-
Submit #781223 | LibRaw 0.22.0 Out-of-Bounds Read third-party-advisory
-
https://github.com/LibRaw/LibRaw/issues/795 issue-tracking
Affected products
LibRaw
- ==0.3
- ==0.10
- ==0.12
- ==0.16
- ==0.17
- ==0.19
- ==0.9
- ==0.20
- ==0.4
- ==0.8
- ==0.2
- ==0.1
- ==0.13
- ==0.5
- ==0.15
- ==0.18
- ==0.7
- ==0.21
- ==0.22.1
- ==0.14
- ==0.22.0
- ==0.6
- ==0.11
Matching in nixpkgs
pkgs.libraw
Library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others)