{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-07T13:49:23Z",
  "bugzilla" : {
    "description" : "LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file",
    "id" : "2455925",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2455925"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.", "A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the `uncompressed_fp_dng_load_raw` functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code execution or a denial of service." ],
  "statement" : "This flaw in the LibRaw library consists in an integer overflow in the `uncompressed_fp_dng_load_raw` function, a successfully performed attack may lead to a heap buffer overflow and potentially arbitrary code execution or denial of service. The vulnerability stems from the usage of a 32-bit arithmetic to calculate the pixel buffers when decoding the raw image file, which may end up overflowing when processing user controlled images as input. The calculation result is further used within 64-bit boundary checking however the proper cast is missing and the result value is used to allocate the buffer from memory, when the overflow happens the function may start writing outside of the expected memory boundary leading to data corruption.\nThis vulnerability is not exploitable when the application consuming LibRaw is using the default memory limit (`max_raw_memory_mb` parameter) to unpack the RAW image. To be considered vulnerable the application should be setting the limit to around or greater then 16GB.\nRed Hat Product Security has rated this vulnerability as having a Moderate impact, despite the possibility of arbitrary code execution due to the heap-based buffer overflow, as the user needs to be tricked to process a maliciously crafted image or LibRaw needs to be exposed to the network and accepting untrusted data as input. Additionally the default `max_raw_memory_mb` value set with LibRaw is not enough to trigger the vulnerability.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-28T00:00:00Z",
    "advisory" : "RHSA-2026:11360",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "LibRaw-0:0.21.1-2.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19345",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "LibRaw-0:0.21.1-2.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13870",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "LibRaw-0:0.21.1-2.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13854",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "LibRaw-0:0.21.1-2.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "LibRaw",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "LibRaw",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-24450\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24450\nhttps://github.com/LibRaw/LibRaw/releases/tag/0.22.1\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2026-2363" ],
  "name" : "CVE-2026-24450",
  "mitigation" : {
    "value" : "This vulnerability can be mitigated by limiting the amount of memory used to unpack untrusted RAW images. This needs to be set in the application using the LibRaw and can be achieved by setting the `max_raw_memory_mb` to a value smaller than 16GB.\nThis parameter can't be changed in runtime in the library, so developers needs to patch and rebuild their application to impose the new limit. It's important to notice the fact when reducing the memory limit for the decoding process may render the library unable to handle big images.",
    "lang" : "en:us"
  },
  "csaw" : false
}