{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20884", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2026-01-29T14:17:38.877Z", "datePublished": "2026-04-07T13:49:22.423Z", "dateUpdated": "2026-04-08T03:55:45.636Z"}, "containers": {"cna": {"affected": [{"vendor": "LibRaw", "product": "LibRaw", "versions": [{"version": "Commit 8dc68e2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE", "cweId": "CWE-190"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-04-07T13:49:22.423Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2364"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T16:23:20.112Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-20884"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T03:55:45.636Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "id": "CVE-2026-20884", "lastModified": "2026-04-07T17:16:26.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2026-04-07T15:17:35.127", "references": [{"source": "talos-cna@cisco.com", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2364"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Commit 8dc68e2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "LibRaw", "source": "cna", "vendor": "LibRaw"}, "product": "libraw", "vendor": "libraw"}], "analysis": {"en": {"generated_at": "2026-04-07T20:11:35.090651+00:00", "value": {"mitigation_remediation": ["Check the LibRaw project for a newer release that removes the vulnerable commit", "If no update is available, apply any interim patch or code change released by the maintainers to address the integer overflow", "Redesign or configure applications to reject or sandbox the loading of untrusted DNG files until a secure update is applied"], "summary": {"action": "Apply Patch", "impact": "Heap Buffer Overflow"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in LibRaw at commit 8dc68e2 and affects any application that uses this version to load DNG image files, such as photo editors, image conversion utilities, or other software that processes camera RAW images.", "description_and_impact": "A defect in the deflate_dng_load_raw routine of LibRaw allows an integer overflow when decoding a DNG file, which can overwrite heap memory. When a specially crafted file is processed, the overflow can corrupt memory and lead to unpredictable program behavior.", "risk_and_exploitability": "The CVSS score of 8.1 indicates high severity. Exploitation requires a malicious DNG file and is feasible in environments where untrusted images are processed. EPSS data is not available and the issue is not listed in CISA\u2019s KEV catalog, but the lack of a publicly available patch implies that unpatched installations are at risk of memory corruption from an attacker who can supply a malicious file."}}}}, "created": "2026-04-08T19:37:57.281435+00:00", "title": "Heap Buffer Overflow via Malicious DNG File in LibRaw", "updated": "2026-04-08T19:49:27.971690+00:00", "vendors": ["libraw", "libraw$PRODUCT$libraw"]}