Heap-based Buffer Overflow in LibRaw Product by LibRaw Vendor
CVE-2026-21413

9.8CRITICAL

Key Information:

Vendor: Libraw
Status: Libraw
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-21413?

A heap-based buffer overflow vulnerability has been identified in the lossless_jpeg_load_raw functionality of LibRaw. This vulnerability can be exploited when an attacker provides a specially crafted malicious file, potentially leading to unintended behavior or further exploits. It is crucial for users of affected versions to update their software to mitigate any risks associated with this vulnerability.

Affected Version(s)

LibRaw Commit 0b56545

LibRaw Commit d20315b

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Jan 21, 2026

Credit

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2026-21413 Data

JSON

Libraw

What is CVE-2026-21413?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit