CVE-2026-5318: LibRaw Out-of-bounds Write Vulnerability
Platform: c
Component: libraw
Fixed in: 0.22.1
CVE-2026-5318 describes an out-of-bounds write vulnerability found in LibRaw. Specifically, the `HuffTable::initval` function within `src/decompressors/losslessjpeg.cpp` is susceptible to manipulation of the `bits[]` argument, leading to an out-of-bounds write. This vulnerability can be exploited remotely, potentially leading to code execution or denial of service. LibRaw versions 0.1 through 0.22.0 are affected. Version 0.22.1 addresses this issue.
How to fix
Upgrade to version 0.22.1 or later to fix the out-of-bounds write vulnerability in the `HuffTable::initval` function. This update addresses the manipulation of the `bits[]` argument that can cause an out-of-bounds write.
Frequently asked questions
What is CVE-2026-5318?
CVE-2026-5318 is an out-of-bounds write vulnerability in LibRaw's JPEG DHT parser, where manipulating the `bits[]` argument in the `HuffTable::initval` function can cause memory corruption.
Am I affected by CVE-2026-5318?
You are affected if you are using LibRaw versions 0.1 up to and including 0.22.0. This vulnerability allows for remote exploitation.
How do I fix CVE-2026-5318?
Upgrade to LibRaw version 0.22.1. This version includes a patch (a6734e867b19d75367c05f872ac26322464e3995) that resolves the out-of-bounds write vulnerability.
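For code that parses JPEG DHT segments itself, this is the kind of bounds check this bug class calls for, shown as an added example that is not LibRaw's code or the patch referenced above: validate the 16 code-length counts before they drive any table write. `dht_counts_check`, the status names and the sample arrays are hypothetical and constructed for illustration; the limits (at most 256 symbols, a 16-bit code space) come from the JPEG Huffman table format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a LibRaw function. counts[i] is the number of
 * Huffman codes of length i+1 bits, as carried in a JPEG DHT segment. */
enum dht_status { DHT_OK, DHT_TOO_MANY_SYMBOLS, DHT_OVERSUBSCRIBED, DHT_VALUES_TRUNCATED };

enum dht_status dht_counts_check(const uint32_t counts[16], size_t values_available)
{
    uint64_t symbols = 0;    /* entries that will be read from the value list */
    uint64_t code_space = 0; /* slots a 16-bit-indexed lookup table would fill */

    for (int i = 0; i < 16; i++) {
        if (counts[i] > 256) /* reject early; also keeps the sums small */
            return DHT_TOO_MANY_SYMBOLS;
        symbols += counts[i];
        /* one code of length i+1 covers 2^(16-(i+1)) of the 2^16 slots */
        code_space += (uint64_t)counts[i] << (15 - i);
    }
    if (symbols > 256)              /* value array holds at most 256 symbols */
        return DHT_TOO_MANY_SYMBOLS;
    if (code_space > (1u << 16))    /* lengths do not form a prefix code */
        return DHT_OVERSUBSCRIBED;
    if (symbols > values_available) /* segment ends before its value list */
        return DHT_VALUES_TRUNCATED;
    return DHT_OK;
}

/* Constructed sample inputs (unlisted trailing entries are zero). */
static const uint32_t sample_ok[16]   = {0, 1, 5, 1, 1, 1, 1, 1, 1}; /* 12 symbols */
static const uint32_t sample_over[16] = {3}; /* three 1-bit codes cannot exist */
static const uint32_t sample_many[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 200, 200};

int main(void)
{
    printf("ok=%d truncated=%d over=%d many=%d\n",
           dht_counts_check(sample_ok, 12), dht_counts_check(sample_ok, 11),
           dht_counts_check(sample_over, 3), dht_counts_check(sample_many, 400));
    return 0;
}
```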