LibRaw 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk memory corruption などに関し、一部は アプリケーションクラッシュ を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-24660 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.1 | 0.46% | 2026-04-07 | 2026-06-17 |
| CVE-2026-24450 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.1 | 0.45% | 2026-04-07 | 2026-06-17 |
| CVE-2026-21413 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 9.8 | 0.54% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20911 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 9.8 | 0.49% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20889 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 9.8 | 0.50% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20884 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.1 | 0.45% | 2026-04-07 | 2026-06-17 |
| CVE-2026-5342 | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to | [email protected] | 5.5 | 0.73% | 2026-04-02 | 2026-06-17 |
| CVE-2026-5318 | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to | [email protected] | 2.1 | 0.63% | 2026-04-01 | 2026-06-17 |
| CVE-2025-43964 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. | [email protected] | 2.9 | 0.33% | 2025-04-20 | 2026-06-17 |
| CVE-2025-43963 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. | [email protected] | 2.9 | 0.35% | 2025-04-20 | 2026-06-17 |
| CVE-2025-43962 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. | [email protected] | 2.9 | 0.35% | 2025-04-20 | 2026-06-17 |
| CVE-2025-43961 | In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. | [email protected] | 2.9 | 0.35% | 2025-04-20 | 2026-06-17 |
| CVE-2020-22628 | Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. | [email protected] | 6.5 | 0.68% | 2023-08-22 | 2026-06-16 |
| CVE-2023-1729 | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. | [email protected] | 6.5 | 1.29% | 2023-05-15 | 2026-06-17 |
| CVE-2021-32142 | Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. | [email protected] | 7.8 | 0.42% | 2023-02-17 | 2026-06-16 |
| CVE-2020-35535 | In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. | [email protected] | 5.5 | 0.32% | 2022-09-01 | 2026-06-16 |
| CVE-2020-35534 | In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. | [email protected] | 5.5 | 0.25% | 2022-09-01 | 2026-06-16 |
| CVE-2020-35533 | In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. | [email protected] | 5.5 | 0.28% | 2022-09-01 | 2026-06-16 |
| CVE-2020-35532 | In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. | [email protected] | 5.5 | 0.37% | 2022-09-01 | 2026-06-16 |
| CVE-2020-35531 | In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. | [email protected] | 5.5 | 0.28% | 2022-09-01 | 2026-06-16 |