High severity8.1NVD Advisory· Published Apr 7, 2026· Updated Apr 10, 2026
CVE-2026-24450
CVE-2026-24450
Description
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords9 versionspkg:rpm/almalinux/LibRawpkg:rpm/almalinux/LibRaw-develpkg:rpm/opensuse/libraw&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libraw&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 0.21.1-2.el9_7+ 8 more
- (no CPE)range: < 0.21.1-2.el9_7
- (no CPE)range: < 0.21.1-2.el9_7
- (no CPE)range: < 0.21.4-160000.3.1
- (no CPE)range: < 0.22.1-1.1
- (no CPE)range: < 0.21.1-150600.3.10.1
- (no CPE)range: < 0.21.1-150600.3.10.1
- (no CPE)range: < 0.21.1-150600.3.10.1
- (no CPE)range: < 0.21.1-150600.3.10.1
- (no CPE)range: < 0.21.1-150600.3.10.1
Patches
Vulnerability mechanics
References
2- talosintelligence.com/vulnerability_reports/TALOS-2026-2363nvdExploitThird Party Advisory
- www.talosintelligence.com/vulnerability_reports/TALOS-2026-2363nvdExploitThird Party Advisory
News mentions
1- Foxit, LibRaw vulnerabilitiesCisco Talos Intelligence · Apr 16, 2026