threatengine.sh
libraw
65 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-24660
all versions
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially craf
8.1
HIGH
CVE-2026-24450
all versions
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially c
8.1
HIGH
CVE-2026-21413
all versions
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit
9.8
CRITICAL
CVE-2026-20911
all versions
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d203
9.8
CRITICAL
CVE-2026-20889
all versions
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially craf
9.8
CRITICAL
CVE-2026-20884
all versions
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted m
8.1
HIGH
CVE-2026-5342
< 0.22.1
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decod
5.3
MEDIUM
CVE-2026-5318
< 0.22.1
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/
4.3
MEDIUM
CVE-2025-43964
< 0.21.4
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1
2.9
LOW
CVE-2025-43963
< 0.21.4
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_ro
2.9
LOW
CVE-2025-43962
< 0.21.4
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related
2.9
LOW
CVE-2025-43961
< 0.21.4
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
2.9
LOW
CVE-2020-22628
<= 0.19.5
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
6.5
MEDIUM
CVE-2023-1729
< 0.21.2
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an applicati
6.5
MEDIUM
CVE-2021-32142
all versions
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream
7.8
HIGH
CVE-2020-35535
all versions
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp
5.5
MEDIUM
CVE-2020-35534
all versions
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) whe
5.5
MEDIUM
CVE-2020-35533
all versions
In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cp
5.5
MEDIUM
CVE-2020-35532
all versions
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.
5.5
MEDIUM
CVE-2020-35531
all versions
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp
5.5
MEDIUM
CVE-2020-35530
all versions
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) t
5.5
MEDIUM
CVE-2020-24870
< 0.20.1
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
8.8
HIGH
CVE-2020-24890
all versions
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-d
5.5
MEDIUM
CVE-2020-24889
< 0.20.0
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead t
7.8
HIGH
CVE-2020-15503
<= 0.19.5
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, a
7.5
HIGH
CVE-2020-15365
all versions
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a ze
6.5
MEDIUM
CVE-2015-8367
< 0.17.1
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code
9.8
CRITICAL
CVE-2015-8366
< 0.17.1
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory error
9.8
CRITICAL
CVE-2018-5819
< 0.19.1
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploite
7.5
HIGH
CVE-2018-5818
< 0.19.1
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited
7.5
HIGH
CVE-2018-5817
< 0.19.1
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp
7.5
HIGH
CVE-2018-20365
<= 0.19.1
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
6.5
MEDIUM
CVE-2018-20364
<= 0.19.1
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
6.5
MEDIUM
CVE-2018-20363
<= 0.19.1
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
6.5
MEDIUM
CVE-2018-20337
all versions
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will le
8.8
HIGH
CVE-2018-5816
< 0.18.12
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be
6.5
MEDIUM
CVE-2018-5815
< 0.18.12
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be
6.5
MEDIUM
CVE-2018-5813
< 0.18.11
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an
6.5
MEDIUM
CVE-2018-5812
< 0.18.9
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exp
6.5
MEDIUM
CVE-2018-5811
< 0.18.9
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exp
6.5
MEDIUM
CVE-2018-5810
< 0.18.9
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited t
8.8
HIGH
CVE-2018-5809
< 0.18.9
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploite
8.8
HIGH
CVE-2018-5808
< 0.18.9
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cau
8.8
HIGH
CVE-2018-5807
< 0.18.9
An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited
8.8
HIGH
CVE-2018-5806
< 0.18.8
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited
6.5
MEDIUM
CVE-2018-5805
< 0.18.8
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can
8.8
HIGH
CVE-2018-5804
< 0.18.8
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be expl
6.5
MEDIUM
CVE-2018-5802
< 0.18.7
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions
8.8
HIGH
CVE-2018-5801
< 0.18.7
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigge
6.5
MEDIUM
CVE-2018-5800
< 0.18.7
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0
6.5
MEDIUM
CVE-2017-16910
< 0.18.6
An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be
6.5
MEDIUM
CVE-2017-16909
< 0.18.6
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be explo
8.8
HIGH
CVE-2018-10529
all versions
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in l
8.8
HIGH
CVE-2018-10528
all versions
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
8.8
HIGH
CVE-2017-14608
<= 0.18.4
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and intern
9.1
CRITICAL
CVE-2017-14348
<= 0.18.3
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
8.8
HIGH
CVE-2017-14265
<= 0.18.2
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could
9.8
CRITICAL
CVE-2017-13735
all versions
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a re
7.5
HIGH
CVE-2017-6887
<= 0.18.1
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploi
7.8
HIGH
CVE-2017-6886
<= 0.18.1
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to c
9.8
CRITICAL
CVE-2017-6890
<= 0.18.1
A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pa
9.8
CRITICAL
CVE-2017-6889
<= 0.18.1
An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can
9.8
CRITICAL
CVE-2013-1439
all versions
The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial
CVE-2013-2127
<= 0.15.0
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of se
CVE-2013-2126
<= 0.15.1
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-depend
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin