PatchSiren

LibRaw CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL LibRaw CVE published 2026-04-07

CVE-2026-20911

CVE-2026-20911 is a critical heap-based buffer overflow vulnerability in the HuffTable::initval functionality of LibRaw. The vulnerability exists in LibRaw Commit 0b56545 and Commit d20315b. An attacker can provide a malicious file to trigger this vulnerability, potentially leading to arbitrary code execution. The vulnerability has a CVSS score of 9.8 and is classified as CRITICAL. The CVE was published o [truncated]