rpm package
opensuse/libraw&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libraw&distro=openSUSE%20Tumbleweed
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24660 | High | 8.1 | | < 0.22.1-1.1 | 0.22.1-1.1 | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-24450 | High | 8.1 | | < 0.22.1-1.1 | 0.22.1-1.1 | Apr 7, 2026 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-21413 | Critical | 9.8 | | < 0.22.1-1.1 | 0.22.1-1.1 | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-20911 | Critical | 9.8 | | < 0.22.1-1.1 | 0.22.1-1.1 | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-20889 | Critical | 9.8 | | < 0.22.1-1.1 | 0.22.1-1.1 | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-20884 | High | 8.1 | | < 0.22.1-1.1 | 0.22.1-1.1 | Apr 7, 2026 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2026-5342 | Medium | 5.3 | | < 0.22.1-1.1 | 0.22.1-1.1 | Apr 2, 2026 | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is |
| CVE-2025-43964 | — | | | < 0.21.4-1.1 | 0.21.4-1.1 | Apr 20, 2025 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. |
| CVE-2025-43963 | — | | | < 0.21.4-1.1 | 0.21.4-1.1 | Apr 20, 2025 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. |
| CVE-2025-43962 | — | | | < 0.21.4-1.1 | 0.21.4-1.1 | Apr 20, 2025 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. |
| CVE-2025-43961 | — | | | < 0.21.4-1.1 | 0.21.4-1.1 | Apr 20, 2025 | In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. |
| CVE-2020-22628 | — | | | < 0.21.1-3.1 | 0.21.1-3.1 | Aug 22, 2023 | Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. |
| CVE-2023-1729 | — | | | < 0.21.1-2.1 | 0.21.1-2.1 | May 15, 2023 | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. |
| CVE-2020-15503 | — | | | < 0.20.2-4.1 | 0.20.2-4.1 | Jul 2, 2020 | LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. |
| CVE-2015-8367 | — | | | < 0.17.2-1.4 | 0.17.2-1.4 | Jan 14, 2020 | The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. |
| CVE-2018-5819 | — | | | < 0.20.2-4.1 | 0.20.2-4.1 | Feb 20, 2019 | An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. |
| CVE-2018-20337 | — | | | < 0.20.2-4.1 | 0.20.2-4.1 | Dec 21, 2018 | There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. |
| CVE-2018-5815 | — | | | < 0.20.2-4.1 | 0.20.2-4.1 | Dec 7, 2018 | An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. |
| CVE-2018-5813 | — | | | < 0.20.2-4.1 | 0.20.2-4.1 | Dec 7, 2018 | An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. |
| CVE-2018-10529 | — | | | < 0.20.2-4.1 | 0.20.2-4.1 | Apr 29, 2018 | An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. |
Page 1 of 2