9.8
CVE-2026-21413
- EPSS 0.75%
- Veröffentlicht 07.04.2026 13:49:29
- Zuletzt bearbeitet 30.06.2026 03:17:23
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.75% | 0.502 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| talos-cna@cisco.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331
https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2331
https://access.redhat.com/errata/RHSA-2026:13284
https://access.redhat.com/errata/RHSA-2026:14224
https://access.redhat.com/errata/RHSA-2026:14655
https://access.redhat.com/errata/RHSA-2026:14673
https://access.redhat.com/errata/RHSA-2026:11360
https://access.redhat.com/errata/RHSA-2026:13854
https://access.redhat.com/errata/RHSA-2026:13860
https://access.redhat.com/errata/RHSA-2026:13868
https://access.redhat.com/errata/RHSA-2026:13870
https://access.redhat.com/errata/RHSA-2026:19345
https://access.redhat.com/security/cve/CVE-2026-21413
https://bugzilla.redhat.com/show_bug.cgi?id=2455929
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21413.json