CVE-2026-24660 — Vulnetix

CVE-2026-24660 PUBLISHED CVSS 8.100000381469727 HIGH

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

EPSS 0.08% · 23.4th percentile

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.08%

23.4th percentile

Affected Products

Vendor	Product	Versions
LibRaw	LibRaw	Commit d20315b

Timeline

Apr 7, 2026 CVE Published
Apr 7, 2026 PoC Published
Apr 7, 2026 PoC Published
Apr 7, 2026 Security Advisory
Apr 8, 2026 CVE Updated
May 4, 2026 Distribution Patch
May 4, 2026 Security Advisory
May 6, 2026 Distribution Patch
May 11, 2026 Distribution Patch
May 11, 2026 Security Advisory
May 11, 2026 Distribution Patch
May 11, 2026 Security Advisory

References

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359 url
https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2359 url
https://nvd.nist.gov/vuln/detail/CVE-2026-24660 advisory

Open in Interactive Console →