CVE-2026-5318: Out-of-bounds Write in LibRaw
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.
AI Analysis
Technical Summary
This vulnerability in LibRaw affects versions up to 0.22.0 and is caused by an out-of-bounds write in the HuffTable::initval function of the JPEG DHT Parser component. The flaw arises from manipulation of the bits[] argument, which leads to memory corruption. The vulnerability is remotely exploitable without privileges or user interaction. A public exploit exists. The issue is fixed in version 0.22.1 by patch a6734e867b19d75367c05f872ac26322464e3995.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to perform an out-of-bounds write, potentially leading to memory corruption. This may result in application crashes or other undefined behavior. The CVSS 4.0 base score is 5.3 (medium severity), indicating limited but notable impact. There is no indication of privilege escalation or confidentiality/integrity/availability loss beyond the out-of-bounds write.
Mitigation Recommendations
An official fix is available by upgrading LibRaw to version 0.22.1, which addresses this vulnerability. It is strongly recommended to apply this update to affected systems. No additional mitigations are specified or required beyond applying the patch.
CVE-2026-5318: Out-of-bounds Write in LibRaw
Description
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in LibRaw affects versions up to 0.22.0 and is caused by an out-of-bounds write in the HuffTable::initval function of the JPEG DHT Parser component. The flaw arises from manipulation of the bits[] argument, which leads to memory corruption. The vulnerability is remotely exploitable without privileges or user interaction. A public exploit exists. The issue is fixed in version 0.22.1 by patch a6734e867b19d75367c05f872ac26322464e3995.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to perform an out-of-bounds write, potentially leading to memory corruption. This may result in application crashes or other undefined behavior. The CVSS 4.0 base score is 5.3 (medium severity), indicating limited but notable impact. There is no indication of privilege escalation or confidentiality/integrity/availability loss beyond the out-of-bounds write.
Mitigation Recommendations
An official fix is available by upgrading LibRaw to version 0.22.1, which addresses this vulnerability. It is strongly recommended to apply this update to affected systems. No additional mitigations are specified or required beyond applying the patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-01T12:43:19.844Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69cdd316e6bfc5ba1d496d13
Added to database: 4/2/2026, 2:23:18 AM
Last enriched: 4/9/2026, 10:30:56 PM
Last updated: 5/20/2026, 12:19:32 PM
Views: 85
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.