Zero Day Monitor (ZDM)
CVSS score: 9.8
CVE-2026-20911 · EXPLOITED · PATCHED
libraw · libraw

CVE-2026-20911: A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and C

Description

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Affected Products

Vendor | Product | Versions
libraw | libraw | Commit 0b56545, Commit d20315b

References

  • https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330

Related News (2 articles)

Tier C · oss-security · 6h ago
LibRaw 0.22.1 Release with security fixes
→ No new info (linked only)

Tier C · VulDB · 4d ago
CVE-2026-20911 | LibRaw 0b56545/d20315b File HuffTable::initval buffer size (TALOS-2026-2330)
→ No new info (linked only)

CVSS 3.1: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 0.22.1
CWE: CWE-131
Published: Apr 7, 2026
Last enriched: 5h ago (v2)
Trending Score: 74
Source articles: 2
Independent: 2
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-20889
CVE-2026-20889: A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A spec
Trending: 27

CRITICAL · CVE-2026-21413
CVE-2026-21413: A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 a
Trending: 27

HIGH · CVE-2026-24660
CVE-2026-24660: A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A spec
Trending: 18

HIGH · CVE-2026-20884
CVE-2026-20884: An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially
Trending: 18

HIGH · CVE-2026-24450
CVE-2026-24450: An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A s
Trending: 18

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 7, 2026
Discovered by ZDM: Apr 7, 2026
Actively Exploited: Apr 8, 2026
Exploit Available: Apr 8, 2026
Patch Available: Apr 8, 2026
Updated (exploitAvailable, activelyExploited, patchAvailable): Apr 11, 2026

Version History

v2 · Last enriched 5h ago

v2 · Tier C · 5h ago
Updated exploit availability to true, marked as actively exploited, and added patch version 0.22.1.
exploitAvailable, activelyExploited, patchAvailable
via oss-security

v1 · 4d ago
Initial creation