汇总 LibRaw 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 缓冲区溢出与内存损坏 等问题,部分漏洞可能导致 应用崩溃,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-24660 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.1 | 0.46% | 2026-04-07 | 2026-06-17 |
| CVE-2026-24450 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.1 | 0.45% | 2026-04-07 | 2026-06-17 |
| CVE-2026-21413 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 9.8 | 0.54% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20911 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 9.8 | 0.49% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20889 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 9.8 | 0.50% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20884 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.1 | 0.45% | 2026-04-07 | 2026-06-17 |
| CVE-2026-5342 | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to | [email protected] | 5.5 | 0.73% | 2026-04-02 | 2026-06-17 |
| CVE-2026-5318 | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to | [email protected] | 2.1 | 0.63% | 2026-04-01 | 2026-06-17 |
| CVE-2025-43964 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. | [email protected] | 2.9 | 0.33% | 2025-04-20 | 2026-06-17 |
| CVE-2025-43963 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. | [email protected] | 2.9 | 0.35% | 2025-04-20 | 2026-06-17 |
| CVE-2025-43962 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. | [email protected] | 2.9 | 0.35% | 2025-04-20 | 2026-06-17 |
| CVE-2025-43961 | In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. | [email protected] | 2.9 | 0.35% | 2025-04-20 | 2026-06-17 |
| CVE-2020-22628 | Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. | [email protected] | 6.5 | 0.68% | 2023-08-22 | 2026-06-16 |
| CVE-2023-1729 | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. | [email protected] | 6.5 | 1.29% | 2023-05-15 | 2026-06-17 |
| CVE-2021-32142 | Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. | [email protected] | 7.8 | 0.42% | 2023-02-17 | 2026-06-16 |
| CVE-2020-35535 | In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. | [email protected] | 5.5 | 0.32% | 2022-09-01 | 2026-06-16 |
| CVE-2020-35534 | In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. | [email protected] | 5.5 | 0.25% | 2022-09-01 | 2026-06-16 |
| CVE-2020-35533 | In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. | [email protected] | 5.5 | 0.28% | 2022-09-01 | 2026-06-16 |
| CVE-2020-35532 | In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. | [email protected] | 5.5 | 0.37% | 2022-09-01 | 2026-06-16 |
| CVE-2020-35531 | In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. | [email protected] | 5.5 | 0.28% | 2022-09-01 | 2026-06-16 |