CRITICAL
LibRaw
CVE published 2026-04-07
CVE-2026-20911
CVE-2026-20911 is a critical heap-based buffer overflow vulnerability in the HuffTable::initval functionality of LibRaw. The vulnerability exists in LibRaw Commit 0b56545 and Commit d20315b. An attacker can provide a malicious file to trigger this vulnerability, potentially leading to arbitrary code execution. The vulnerability has a CVSS score of 9.8 and is classified as CRITICAL. The CVE was published o [truncated]