CVE-2026-5318

MEDIUM

LibRaw JPEG DHT losslessjpeg.cpp initval out-of-bounds write

Title source: cna

Description

A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.

References (9)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/354650

[Signature, Permissions Required] https://vuldb.com/vuln/354650/cti

[Third Party Advisory] https://vuldb.com/submit/780538

[Issue Tracking] https://github.com/LibRaw/LibRaw/issues/794

[Issue Tracking] https://github.com/LibRaw/LibRaw/issues/794#issuecomment-4065342499

[Exploit] https://github.com/biniamf/pocs/tree/main/libraw_lljpeg

View Exploit ZIP pw:eip

[Patch] https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995

View Patch ZIP pw:eip

[Product] https://github.com/LibRaw/LibRaw/

[Patch] https://github.com/LibRaw/LibRaw/releases/tag/0.22.1

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-787

Status published

Products (23)

None/LibRaw 0.1

None/LibRaw 0.10

None/LibRaw 0.11

None/LibRaw 0.12

None/LibRaw 0.13

None/LibRaw 0.14

None/LibRaw 0.15

None/LibRaw 0.16

None/LibRaw 0.17

None/LibRaw 0.18

... and 13 more

Published Apr 02, 2026

Tracked Since Apr 02, 2026