Zero Day MonitorZDM

← Back to list

9.8

CVE-2026-21413

libraw · libraw

CVE-2026-21413: A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 a

Description

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Affected Products

Vendor	Product	Versions
libraw	libraw	Commit 0b56545, Commit d20315b

References

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331

Related News (1 articles)

Tier C

VulDB4d ago

CVE-2026-21413 | LibRaw 0b56545/d20315b File lossless_jpeg_load_raw array index (TALOS-2026-2331)

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-129

PublishedApr 7, 2026

Trending Score27

Source articles1

Independent1

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-20911EXP

CVE-2026-20911: A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and C

CRITICALCVE-2026-20889

CVE-2026-20889: A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A spec

HIGHCVE-2026-24660

CVE-2026-24660: A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A spec

HIGHCVE-2026-20884

CVE-2026-20884: An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially

HIGHCVE-2026-24450

CVE-2026-24450: An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A s

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 7, 2026

Discovered by ZDM

Apr 7, 2026