{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21413", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2026-01-21T16:26:17.029Z", "datePublished": "2026-04-07T13:49:29.784Z", "dateUpdated": "2026-04-08T03:55:50.134Z"}, "containers": {"cna": {"affected": [{"vendor": "LibRaw", "product": "LibRaw", "versions": [{"version": "Commit 0b56545", "status": "affected"}, {"version": "Commit d20315b", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-129: Improper Validation of Array Index", "type": "CWE", "cweId": "CWE-129"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-04-07T13:49:29.784Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-21413"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T03:55:50.134Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2331"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T16:23:23.212Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2331"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T16:23:23.212Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21413", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T14:38:23.828035Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:38:28.723Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LibRaw", "product": "LibRaw", "versions": [{"status": "affected", "version": "Commit 0b56545"}, {"status": "affected", "version": "Commit d20315b"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129: Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-04-07T13:49:29.784Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21413", "state": "PUBLISHED", "dateUpdated": "2026-04-08T03:55:50.134Z", "dateReserved": "2026-01-21T16:26:17.029Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-04-07T13:49:29.784Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "id": "CVE-2026-21413", "lastModified": "2026-04-07T17:16:26.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2026-04-07T15:17:35.633", "references": [{"source": "talos-cna@cisco.com", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2331"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{"bugzilla": {"description": "LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading", "id": "2455929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455929"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in LibRaw. A heap-based buffer overflow vulnerability exists in the `lossless_jpeg_load_raw` functionality. A remote attacker can exploit this by providing a specially crafted malicious file. This can lead to arbitrary code execution, allowing the attacker to take control of the affected system, or cause a denial of service (DoS)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-21413", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-07T13:49:29Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-21413\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-21413\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2026-2331"], "statement": "LibRaw is not installed by default on Red Hat systems. A user would need to manually install and make available an affected code path for this vulnerability to be exploitable.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Commit 0b56545"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Commit d20315b"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "LibRaw", "source": "cna", "vendor": "LibRaw"}, "product": "libraw", "vendor": "libraw"}], "analysis": {"en": {"generated_at": "2026-04-08T02:26:35.701520+00:00", "value": {"mitigation_remediation": ["Upgrade LibRaw to the latest version that includes the patch for commits 0b56545 and d20315b.", "If an immediate upgrade is not feasible, isolate the application from untrusted JPEG sources and enforce strict file validation before calling LibRaw.", "Monitor system logs for anomalous image processing activity or signs of memory corruption."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in LibRaw versions that contain commits 0b56545 and d20315b. Any application or service that incorporates these LibRaw releases\u2014common in image processing, editing, or conversion tools\u2014is potentially exposed. Users of older or patched versions are not affected.", "description_and_impact": "A heap-based buffer overflow exists in LibRaw's lossless_jpeg_load_raw function. By providing a specially crafted JPEG file, a malicious actor can trigger the overflow, enabling the execution of arbitrary code. This flaw compromises both the confidentiality and integrity of the affected system, as it can be leveraged to gain full control over the environment in which the library runs.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this as a very high severity weakness. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, so precise exploitation likelihood is unclear. However, the nature of the flaw\u2014an arbitrary code execution via heap overflow\u2014is a well-known and actively exploited vulnerability. Attacks would typically occur when the target application processes a malicious JPEG file, either provided by a local user or received remotely if the service accepts external images."}}}}, "created": "2026-04-08T19:37:52.359174+00:00", "updated": "2026-04-08T19:49:23.574068+00:00", "vendors": ["libraw", "libraw$PRODUCT$libraw"]}