Heap-Based Buffer Overflow in LibRaw Affects Users
CVE-2026-20911

9.8CRITICAL

Key Information:

Vendor: Libraw
Status: Libraw
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-20911?

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw. This vulnerability allows an attacker to construct a specially crafted malicious file which, when processed, can trigger the overflow condition, potentially leading to unexpected application behavior and system compromise. Users are encouraged to apply security patches and follow best practices to mitigate risks associated with this vulnerability.

Affected Version(s)

LibRaw Commit 0b56545

LibRaw Commit d20315b

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Jan 21, 2026

Credit

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2026-20911 Data

JSON

Libraw

What is CVE-2026-20911?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit