SUSE Package Hub - SUSE-PackageHub-16.0-599

Update Info

SUSE-PackageHub-16.0-599

Security update for libraw

Type: security

Severity: important

Issued: 2026-04-20

Description:

This update for libraw fixes the following issues:

- CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read (bsc#1261499).
- CVE-2026-20884: integer overflow vulnerability in the deflate_dng_load_raw (bsc#1261671).
- CVE-2026-20889: heap-based buffer overflow vulnerability in the x3f_thumb_loader (bsc#1261672).
- CVE-2026-20911: heap-based buffer overflow vulnerability in the HuffTable: initval (bsc#1261673).
- CVE-2026-21413: heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw (bsc#1261674).
- CVE-2026-24450: integer overflow vulnerability in uncompressed_fp_dng_load_raw (bsc#1261675).
- CVE-2026-24660: heap-based buffer overflow vulnerability in the x3f_load_huffman (bsc#1261676).

References

CVE: CVE-2026-5342
CVE: CVE-2026-24660
CVE: CVE-2026-24450
CVE: CVE-2026-21413
CVE: CVE-2026-20911
CVE: CVE-2026-20889
CVE: CVE-2026-20884
Bugzilla: 1261676 VUL-0: CVE-2026-24660: libraw: heap-based buffer overflow vulnerability in the x3f_load_huffman
Bugzilla: 1261675 VUL-0: CVE-2026-24450: libraw: integer overflow vulnerability in uncompressed_fp_dng_load_raw
Bugzilla: 1261674 VUL-0: CVE-2026-21413: libraw: heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw
Bugzilla: 1261673 VUL-0: CVE-2026-20911: libraw: heap-based buffer overflow vulnerability in the HuffTable::initval
Bugzilla: 1261672 VUL-0: CVE-2026-20889: libraw: heap-based buffer overflow vulnerability in the x3f_thumb_loader
Bugzilla: 1261671 VUL-0: CVE-2026-20884: libraw: integer overflow vulnerability in the deflate_dng_load_raw
Bugzilla: 1261499 VUL-0: CVE-2026-5342: libraw: crafted TIFF/NEF file can cause an out-of-bounds read

Packages

libraw-0.21.4-160000.3.1