9.8

CVE-2026-21413

Exploit
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibrawLibraw Version0.22.0
LibrawLibraw Version0.22.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.502
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
talos-cna@cisco.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331
Third Party Advisory
Exploit
https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2331
Third Party Advisory
Exploit
https://access.redhat.com/errata/RHSA-2026:13284
https://access.redhat.com/errata/RHSA-2026:14224
https://access.redhat.com/errata/RHSA-2026:14655
https://access.redhat.com/errata/RHSA-2026:14673
https://access.redhat.com/errata/RHSA-2026:11360
https://access.redhat.com/errata/RHSA-2026:13854
https://access.redhat.com/errata/RHSA-2026:13860
https://access.redhat.com/errata/RHSA-2026:13868
https://access.redhat.com/errata/RHSA-2026:13870
https://access.redhat.com/errata/RHSA-2026:19345
https://access.redhat.com/security/cve/CVE-2026-21413
https://bugzilla.redhat.com/show_bug.cgi?id=2455929
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21413.json