CVE-2026-5342: Out-of-Bounds Read in LibRaw
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.
AI Analysis
Technical Summary
This vulnerability exists in LibRaw versions up to 0.22.0 in the TIFF/NEF decoder component, where improper handling of input parameters load_flags and raw_width in the function nikon_load_padded_packed_raw leads to an out-of-bounds read. This memory safety issue can be triggered remotely and has a CVSS 4.0 base score of 6.9, indicating a medium severity. The issue is fixed in version 0.22.1 by patch b8397cd45657b84e88bd1202528d1764265f185c.
Potential Impact
Successful exploitation of this vulnerability can cause an out-of-bounds read, which may lead to application crashes or potential information disclosure. The vulnerability can be triggered remotely without authentication or user interaction. No evidence of widespread exploitation is reported at this time.
Mitigation Recommendations
Upgrade LibRaw to version 0.22.1 or later, which contains the official fix for this vulnerability. This is the recommended and effective remediation. No other mitigations are indicated by the vendor advisory.
CVE-2026-5342: Out-of-Bounds Read in LibRaw
Description
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in LibRaw versions up to 0.22.0 in the TIFF/NEF decoder component, where improper handling of input parameters load_flags and raw_width in the function nikon_load_padded_packed_raw leads to an out-of-bounds read. This memory safety issue can be triggered remotely and has a CVSS 4.0 base score of 6.9, indicating a medium severity. The issue is fixed in version 0.22.1 by patch b8397cd45657b84e88bd1202528d1764265f185c.
Potential Impact
Successful exploitation of this vulnerability can cause an out-of-bounds read, which may lead to application crashes or potential information disclosure. The vulnerability can be triggered remotely without authentication or user interaction. No evidence of widespread exploitation is reported at this time.
Mitigation Recommendations
Upgrade LibRaw to version 0.22.1 or later, which contains the official fix for this vulnerability. This is the recommended and effective remediation. No other mitigations are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-01T14:52:36.913Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69ce82f2e6bfc5ba1de1d95d
Added to database: 4/2/2026, 2:53:38 PM
Last enriched: 4/9/2026, 10:31:00 PM
Last updated: 5/20/2026, 8:52:02 PM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.