{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24450", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2026-01-29T14:01:21.412Z", "datePublished": "2026-04-07T13:49:23.872Z", "dateUpdated": "2026-04-08T03:55:46.772Z"}, "containers": {"cna": {"affected": [{"vendor": "LibRaw", "product": "LibRaw", "versions": [{"version": "Commit 8dc68e2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE", "cweId": "CWE-190"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-04-07T13:49:23.872Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T16:23:24.613Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-24450"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T03:55:46.772Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "id": "CVE-2026-24450", "lastModified": "2026-04-07T17:16:27.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2026-04-07T15:17:37.040", "references": [{"source": "talos-cna@cisco.com", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{"bugzilla": {"description": "LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file", "id": "2455925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455925"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the `uncompressed_fp_dng_load_raw` functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code execution or a denial of service."], "name": "CVE-2026-24450", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-07T13:49:23Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-24450\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24450\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2026-2363"], "statement": "This flaw in the LibRaw library consists in an integer overflow in the `uncompressed_fp_dng_load_raw` function, a successfully performed attack may lead to a heap buffer overflow and potentially arbitrary code execution or denial of service. The vulnerability stems from the usage of a 32-bit arithmetic to calculate the pixel buffers when decoding the raw image file, which may end up overflowing when processing user controlled images as input. The calculation result is further used within 64-bit boundary checking however the proper cast is missing and the result value is used to allocate the buffer from memory, when the overflow happens the function may start writing outside of the expected memory boundary leading to data corruption.\nRed Hat Product Security has rated this vulnerability as having a Moderate impact, despite the possibility of arbitrary code execution due to the heap-based buffer overflow, as the user needs to be tricked to process a maliciously crafted image or LibRaw needs to be exposed to the network and accept untrusted data as input.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "8dc68e2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "LibRaw", "source": "cna", "vendor": "LibRaw"}, "product": "libraw", "vendor": "libraw"}], "analysis": {"en": {"generated_at": "2026-04-07T19:38:12.557894+00:00", "value": {"mitigation_remediation": ["Update LibRaw to the latest version that includes the fix for the integer overflow bug.", "If updating is not immediately possible, quarantine or restrict the processing of untrusted DNG files.", "Verify that no older LibRaw binaries remain in the environment and monitor for related alerts."], "summary": {"action": "Immediate Patch", "impact": "Heap Buffer Overflow"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in the LibRaw library, specifically in the version containing commit 8dc68e2. Any LibRaw product that incorporates this commit, before a later fix, is affected. This includes all distributions using LibRaw for DNG file processing.", "description_and_impact": "An integer overflow bug in LibRaw's uncompressed_fp_dng_load_raw function allows a crafted DNG file to overflow a heap buffer. This flaw can corrupt memory and potentially lead to a crash or arbitrary code execution by an attacker controlling the file. The weakness stems from improper bounds checking during raw data loading, as highlighted by CWE\u2011190.", "risk_and_exploitability": "The CVSS score of 8.1 reflects a high severity. No EPSS data is available and the issue is not listed in the KEV catalog, indicating it may not yet be widely exploited. An attacker can supply a malicious DNG file to trigger the overflow; the attack vector is inferred to be local file processing but could be leveraged remotely if a service accepts user-supplied files. Exploitation requires the vulnerable LibRaw library to be loaded."}}}}, "created": "2026-04-08T19:37:56.079699+00:00", "title": "Integer Overflow in LibRaw DNG Loader Leads to Heap Buffer Overflow", "updated": "2026-04-08T19:49:26.846902+00:00", "vendors": ["libraw", "libraw$PRODUCT$libraw"]}