USN-8522-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service. (CVE-2026-5342) It was discovered that LibRaw had an integer overflow in its DNG image loader. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-20884) It was discovered that LibRaw incorrectly handled certain X3F thumbnail data. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-20889) It was discovered that LibRaw had a heap-based buffer overflow in its lossless JPEG image loader. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-21413) It was discovered that LibRaw had an integer overflow in its uncompressed floating-point DNG image loader. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2026-24450) It was discovered that LibRaw had a heap-based buffer overflow in its X3F Huffman decoder. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-24660)
CSIRTS triage
- What
- LibRaw has multiple vulnerabilities that can lead to denial of service or arbitrary code execution.
- Who is affected
- Deployments of LibRaw that handle certain image files are affected.
- Urgency
- Remediation is urgent due to the potential for denial of service and arbitrary code execution.
- Action
- Update to the latest version of LibRaw to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch LibRaw
Get an email when a new LibRaw advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://ubuntu.com/security/notices/USN-8522-1
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-53420.73% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 50% of all scored CVEs.
- Low exploitation riskCVE-2026-208840.45% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 36% of all scored CVEs.
- Low exploitation riskCVE-2026-208890.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2026-214130.75% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 50% of all scored CVEs.
- Low exploitation riskCVE-2026-244500.45% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 36% of all scored CVEs.
- Low exploitation riskCVE-2026-246600.56% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 43% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-5342 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20884 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20889 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-21413 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-24450 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-24660 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
More from Ubuntu Security Notices
- unknownUSN-8530-1: Linux kernel (AWS) vulnerabilities2026-07-10
- unknownUSN-8529-1: Linux kernel vulnerabilities2026-07-10
- unknownUSN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilities2026-07-10
- unknownUSN-8527-1: Linux kernel (Raspberry Pi) vulnerabilities2026-07-10
- unknownUSN-8492-5: Linux kernel (FIPS) vulnerabilities2026-07-10