VYPR
Vendor: Libraw

Products: 2
CVEs: 66
Across products: 66
Status: Private

Recent CVEs

  • CVE-2026-21413 | Critical | Apr 7, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this…

  • CVE-2026-20911 | Critical | Apr 7, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2026-20889 | Critical | Apr 7, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2017-14265 | Critical | Sep 11, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

  • CVE-2017-6886 | Critical | May 16, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

  • CVE-2017-6890 | Critical | May 15, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.

  • CVE-2017-6889 | Critical | May 15, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

  • CVE-2017-14608 | Critical | Sep 20, 2017
    risk 0.59 | cvss 9.1 | epss 0.02

    In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

  • CVE-2017-14348 | High | Sep 12, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.

  • CVE-2026-24660 | High | Apr 7, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2026-24450 | High | Apr 7, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2026-20884 | High | Apr 7, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2017-6887 | High | May 16, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and…

  • CVE-2017-13735 | High | Aug 29, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

  • CVE-2026-5342 | Medium | Apr 2, 2026
    risk 0.27 | cvss 5.3 | epss 0.01

    A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It…

  • CVE-2026-5318 | Medium | Apr 2, 2026
    risk 0.21 | cvss 4.3 | epss 0.01

    A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate…

  • CVE-2025-43963 | Apr 20, 2025
    risk 0.00 | cvss | epss 0.00

    In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

  • CVE-2025-43962 | Apr 20, 2025
    risk 0.00 | cvss | epss 0.00

    In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

  • CVE-2025-43961 | Apr 20, 2025
    risk 0.00 | cvss | epss 0.00

    In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

  • CVE-2025-43964 | Apr 20, 2025
    risk 0.00 | cvss | epss 0.00

    In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.