{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20911", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2026-01-21T16:22:17.256Z", "datePublished": "2026-04-07T13:49:31.223Z", "dateUpdated": "2026-04-08T03:55:51.222Z"}, "containers": {"cna": {"affected": [{"vendor": "LibRaw", "product": "LibRaw", "versions": [{"version": "Commit 0b56545", "status": "affected"}, {"version": "Commit d20315b", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-131: Incorrect Calculation of Buffer Size", "type": "CWE", "cweId": "CWE-131"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-04-07T13:49:31.223Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-20911"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T03:55:51.222Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2330"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T16:23:22.203Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2330"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T16:23:22.203Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20911", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T14:35:15.879713Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:35:46.839Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LibRaw", "product": "LibRaw", "versions": [{"status": "affected", "version": "Commit 0b56545"}, {"status": "affected", "version": "Commit d20315b"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-131", "description": "CWE-131: Incorrect Calculation of Buffer Size"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-04-07T13:49:31.223Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20911", "state": "PUBLISHED", "dateUpdated": "2026-04-08T03:55:51.222Z", "dateReserved": "2026-01-21T16:22:17.256Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-04-07T13:49:31.223Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "id": "CVE-2026-20911", "lastModified": "2026-04-07T17:16:26.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2026-04-07T15:17:35.467", "references": [{"source": "talos-cna@cisco.com", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2330"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{"bugzilla": {"description": "LibRaw: LibRaw: Arbitrary Code Execution via specially crafted file", "id": "2455959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455959"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["A flaw was found in LibRaw. A remote attacker can exploit a heap-based buffer overflow vulnerability in the HuffTable::initval functionality by providing a specially crafted malicious file. This can lead to arbitrary code execution or a denial of service (DoS) on the affected system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-20911", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-07T13:49:31Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-20911\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-20911\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2026-2330"], "statement": "LibRaw is not installed by default on Red Hat systems. A user would need to manually install and make available an affected code path for this vulnerability to be exploitable.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "0b56545"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "d20315b"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "LibRaw", "source": "cna", "vendor": "LibRaw"}, "product": "libraw", "vendor": "libraw"}], "analysis": {"en": {"generated_at": "2026-04-08T01:53:01.322934+00:00", "value": {"mitigation_remediation": ["Upgrade LibRaw to a version that includes the fix or apply the vendor patch if available.", "If an immediate upgrade is not possible, isolate the image processing to a sandboxed environment and restrict execution privileges.", "Verify that no untrusted files are processed by applications that link to LibRaw until a patch is applied.", "Monitor vendor notices and security advisories for updates on this vulnerability."], "summary": {"action": "Immediate patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "LibRaw:LibRaw is the vendor and product affected. The CVE references do not specify affected software versions; therefore the flaw could exist in any build that incorporates the affected commits. If using LibRaw, verify the version and consult the vendor for a patch.", "description_and_impact": "The vulnerability is a heap\u2011based buffer overflow in the HuffTable::initval function of LibRaw. A maliciously crafted file can trigger a heap overflow that allows an attacker to overwrite memory and potentially execute arbitrary code. This flaw is classified as CWE\u2011120 (Buffer Copy with Incorrect Size Handling) and CWE\u2011131 (Incorrect Calculation of Buffer Size).", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical severity. The EPSS score is not available and the vulnerability is not listed in the KEV catalog, suggesting no widespread exploitation is yet documented. The likely attack vector involves an attacker supplying a malicious raw image file that an application processes using LibRaw, which would trigger the buffer overflow and allow arbitrary code execution. Because the flaw is in a library that may be used by various imaging applications, the potential impact is broad and could compromise affected systems if the file is opened locally or processed automatically."}}}}, "created": "2026-04-08T19:37:51.057186+00:00", "updated": "2026-04-08T19:49:22.529380+00:00", "vendors": ["libraw", "libraw$PRODUCT$libraw"]}