VYPR

Vendor CVEs

Libraw

All CVEs

66 total · sorted by risk
  • CVE-2026-21413CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.01

    A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this…

  • CVE-2026-20911CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.01

    A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2026-20889CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.01

    A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2017-14265CriSep 11, 2017
    risk 0.64cvss 9.8epss 0.04

    A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

  • CVE-2017-6886CriMay 16, 2017
    risk 0.64cvss 9.8epss 0.03

    An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

  • CVE-2017-6890CriMay 15, 2017
    risk 0.64cvss 9.8epss 0.01

    A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.

  • CVE-2017-6889CriMay 15, 2017
    risk 0.64cvss 9.8epss 0.01

    An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

  • CVE-2017-14608CriSep 20, 2017
    risk 0.59cvss 9.1epss 0.02

    In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

  • CVE-2017-14348HigSep 12, 2017
    risk 0.57cvss 8.8epss 0.02

    LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.

  • CVE-2026-24660HigApr 7, 2026
    risk 0.53cvss 8.1epss 0.01

    A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2026-24450HigApr 7, 2026
    risk 0.53cvss 8.1epss 0.00

    An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2026-20884HigApr 7, 2026
    risk 0.53cvss 8.1epss 0.00

    An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2017-6887HigMay 16, 2017
    risk 0.51cvss 7.8epss 0.02

    A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and…

  • CVE-2017-13735HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.03

    There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

  • CVE-2026-5342MedApr 2, 2026
    risk 0.27cvss 5.3epss 0.01

    A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It…

  • CVE-2026-5318MedApr 2, 2026
    risk 0.21cvss 4.3epss 0.01

    A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate…

  • CVE-2025-43964Apr 20, 2025
    risk 0.00cvss epss 0.00

    In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

  • CVE-2025-43961Apr 20, 2025
    risk 0.00cvss epss 0.00

    In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

  • CVE-2025-43963Apr 20, 2025
    risk 0.00cvss epss 0.00

    In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

  • CVE-2025-43962Apr 20, 2025
    risk 0.00cvss epss 0.00

    In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

  • CVE-2020-22628Aug 22, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

  • CVE-2023-1729May 15, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

  • CVE-2021-32142Feb 17, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

  • CVE-2020-35533Sep 1, 2022
    risk 0.00cvss epss 0.00

    In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.

  • CVE-2020-35534Sep 1, 2022
    risk 0.00cvss epss 0.00

    In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.

  • CVE-2020-35535Sep 1, 2022
    risk 0.00cvss epss 0.00

    In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.

  • CVE-2020-35530Sep 1, 2022
    risk 0.00cvss epss 0.00

    In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

  • CVE-2020-35531Sep 1, 2022
    risk 0.00cvss epss 0.00

    In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

  • CVE-2020-35532Sep 1, 2022
    risk 0.00cvss epss 0.00

    In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

  • CVE-2020-24870Jun 2, 2021
    risk 0.00cvss epss 0.02

    Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.

  • CVE-2020-24889Sep 16, 2020
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

  • CVE-2020-24890Sep 16, 2020
    risk 0.00cvss epss 0.02

    libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way

  • CVE-2020-15503Jul 2, 2020
    risk 0.00cvss epss 0.04

    LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.

  • CVE-2020-15365Jun 28, 2020
    risk 0.00cvss epss 0.01

    LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.

  • CVE-2015-8366Jan 14, 2020
    risk 0.00cvss epss 0.05

    Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

  • CVE-2019-16214Sep 11, 2019
    risk 0.00cvss epss 0.01

    Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which…

  • CVE-2018-5817Feb 20, 2019
    risk 0.00cvss epss 0.03

    A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.

  • CVE-2018-5819Feb 20, 2019
    risk 0.00cvss epss 0.03

    An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.

  • CVE-2018-5818Feb 20, 2019
    risk 0.00cvss epss 0.02

    An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

  • CVE-2018-20364Dec 22, 2018
    risk 0.00cvss epss 0.03

    LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

  • CVE-2018-20365Dec 22, 2018
    risk 0.00cvss epss 0.03

    LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.

  • CVE-2018-20363Dec 22, 2018
    risk 0.00cvss epss 0.03

    LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

  • CVE-2018-20337Dec 21, 2018
    risk 0.00cvss epss 0.02

    There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.

  • CVE-2018-5808Dec 7, 2018
    risk 0.00cvss epss 0.03

    An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

  • CVE-2018-5805Dec 7, 2018
    risk 0.00cvss epss 0.02

    A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.

  • CVE-2017-16910Dec 7, 2018
    risk 0.00cvss epss 0.02

    An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

  • CVE-2018-5815Dec 7, 2018
    risk 0.00cvss epss 0.02

    An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

  • CVE-2018-5804Dec 7, 2018
    risk 0.00cvss epss 0.02

    A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

  • CVE-2018-5811Dec 7, 2018
    risk 0.00cvss epss 0.02

    An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

  • CVE-2018-5812Dec 7, 2018
    risk 0.00cvss epss 0.02

    An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

Page 1 of 2