{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24450", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2026-01-29T14:01:21.412Z", "datePublished": "2026-04-07T13:49:23.872Z", "dateUpdated": "2026-04-13T13:04:17.479Z"}, "containers": {"cna": {"affected": [{"vendor": "LibRaw", "product": "LibRaw", "versions": [{"version": "Commit 8dc68e2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE", "cweId": "CWE-190"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-04-07T13:49:23.872Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T16:23:24.613Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24450", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T03:55:47.530924Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:04:17.479Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T16:23:24.613Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24450", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T03:55:47.530924Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:00:37.005Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LibRaw", "product": "LibRaw", "versions": [{"status": "affected", "version": "Commit 8dc68e2"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-04-07T13:49:23.872Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24450", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:04:17.479Z", "dateReserved": "2026-01-29T14:01:21.412Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-04-07T13:49:23.872Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libraw:libraw:0.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "BDC62434-024F-485D-A1B0-8608B70A2CF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."}], "id": "CVE-2026-24450", "lastModified": "2026-04-10T20:51:18.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-07T15:17:37.040", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{"bugzilla": {"description": "LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file", "id": "2455925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455925"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the `uncompressed_fp_dng_load_raw` functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code execution or a denial of service."], "name": "CVE-2026-24450", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-07T13:49:23Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-24450\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24450\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2026-2363"], "statement": "This flaw in the LibRaw library consists in an integer overflow in the `uncompressed_fp_dng_load_raw` function, a successfully performed attack may lead to a heap buffer overflow and potentially arbitrary code execution or denial of service. The vulnerability stems from the usage of a 32-bit arithmetic to calculate the pixel buffers when decoding the raw image file, which may end up overflowing when processing user controlled images as input. The calculation result is further used within 64-bit boundary checking however the proper cast is missing and the result value is used to allocate the buffer from memory, when the overflow happens the function may start writing outside of the expected memory boundary leading to data corruption.\nRed Hat Product Security has rated this vulnerability as having a Moderate impact, despite the possibility of arbitrary code execution due to the heap-based buffer overflow, as the user needs to be tricked to process a maliciously crafted image or LibRaw needs to be exposed to the network and accept untrusted data as input.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "8dc68e2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "LibRaw", "source": "cna", "vendor": "LibRaw"}, "product": "libraw", "vendor": "libraw"}], "analysis": {"en": {"generated_at": "2026-04-10T23:09:25.469474+00:00", "value": {"mitigation_remediation": ["Verify the LibRaw version used; if it is 0.22.1 or older, plan an immediate update to a patched release.", "Apply the latest LibRaw update as soon as possible to eliminate the integer overflow and buffer overflow risk.", "If an upgrade cannot be performed immediately, restrict the processing of untrusted DNG files to a controlled sandbox environment or disable DNG support if it is not required.", "Continue to monitor vendor advisories and security bulletins for new patches or mitigations."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "This flaw affects the LibRaw library version 0.22.1. Any software\u2014desktop, mobile, or embedded\u2014that incorporates this version of LibRaw for image handling and processes DNG files is potentially vulnerable. The impact is limited to environments where a DNG file is parsed by an application using LibRaw.", "description_and_impact": "The vulnerability lies in the uncompressed_fp_dng_load_raw routine of LibRaw, where an integer overflow can cause a heap buffer overflow when processing a specially crafted DNG file. This flaw can be leveraged to execute arbitrary code within the context of the application that uses LibRaw. The underlying weakness is an integer overflow identified as CWE\u2011190, and the flaw is classified as high severity.", "risk_and_exploitability": "The CVSS score of 8.1 denotes a high severity. The EPSS score of less than 1% suggests current exploitation is unlikely, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is a malicious DNG file supplied either locally by a user or obtained over a network, which an application using LibRaw will load. The prerequisite for exploitation is minimal: the presence of LibRaw 0.22.1 and the ability to trigger the vulnerable function with a crafted file."}}}}, "created": "2026-04-08T19:37:56.079699+00:00", "updated": "2026-04-13T14:27:14.165477+00:00", "vendors": ["libraw", "libraw$PRODUCT$libraw"]}