| Name | CVE-2026-5318 |
| Description | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1132655 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| libraw (PTS) | bullseye | 0.20.2-1+deb11u1 | fixed |
| bullseye (security) | 0.20.2-1+deb11u2 | fixed | |
| bookworm | 0.20.2-2.1+deb12u1 | fixed | |
| trixie | 0.21.4-2 | fixed | |
| forky, sid | 0.22.1-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libraw | source | bullseye | (not affected) | |||
| libraw | source | bookworm | (not affected) | |||
| libraw | source | trixie | (not affected) | |||
| libraw | source | (unstable) | 0.22.1-1 | 1132655 |
[trixie] - libraw <not-affected> (Vulnerable code not present)
[bookworm] - libraw <not-affected> (Vulnerable code not present)
[bullseye] - libraw <not-affected> (Vulnerable code not present)
https://github.com/LibRaw/LibRaw/issues/794
Fixed by: https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
Fixed by: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b (0.22.1)
Introduced by: https://github.com/LibRaw/LibRaw/commit/12b0e5d60c57bb795382fda8494fc45f683550b8 (0.22.0)