anonhaven
Ad

CVE-2026-21413

CRITICAL CVSS 3.1: 9.8 EPSS 0.05%
Updated Apr 10, 2026
Libraw
Parameter Value
CVSS 9.8 (CRITICAL)
Type CWE-129 (Improper Validation of Array Index)
Vendor Libraw
Public PoC No

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-129 Improper Validation of Array Index

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Libraw Libraw
cpe:2.3:a:libraw:libraw:0.22.0:*:*:*:*:*:*:*
Libraw Libraw
cpe:2.3:a:libraw:libraw:0.22.1:*:*:*:*:*:*:*

References 2

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331
talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2331
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-24660

Libraw

9.8

CVE-2026-24450

Libraw

9.8

CVE-2026-20911

Libraw

9.8

CVE-2026-20889

Libraw

9.8

CVE-2026-20884

Libraw

9.8