Description
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.
Published: 2026-04-02
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

The LibRaw library, widely used for decoding camera RAW files, contains a flaw in its Nikon padded packed RAW decoder (nikon_load_padded_packed_raw) inside the TIFF/NEF component. By providing a specially crafted image with manipulated load_flags or raw_width values, an attacker can trigger an out‑of‑bounds read, allowing the program to read data beyond the intended buffer. While the current published exploit only demonstrates a memory disclosure, the vulnerability could be combined with other techniques to potentially reach remote code execution if additional memory corruption is achieved.

Affected Systems

Any installation of LibRaw version 0.22.0 or earlier is vulnerable. This includes developers and applications that link against LibRaw to process Nikon RAW images and other libraries that embed LibRaw for image decoding.

Risk and Exploitability

The vulnerability carries a medium CVSS score of 6.9 and has been demonstrated as exploitable over the network. The EPSS score is not available, and it is not listed in the CISA KEV catalog. Attackers can remotely supply a malicious image to trigger the out‑of‑bounds read, making the risk fairly tangible for services that accept untrusted image uploads. The impact could range from exposure of sensitive data to a potential compromise if additional weaknesses are leveraged.

Generated by OpenCVE AI on April 2, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibRaw to version 0.22.1 or later, which contains a patch for the out‑of‑bounds read in nikon_load_padded_packed_raw.
  • Verify the library version post‑upgrade by checking the released version string or querying the application’s version interface.
  • If an upgrade is not immediately possible, configure the application or library to reject or skip Nikon padded packed RAW files, thereby preventing the vulnerable decoding path.
  • Continuously monitor the LibRaw GitHub repository and security advisories for further updates or additional mitigations.

Generated by OpenCVE AI on April 2, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 02 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Description A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.
Title LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds
First Time appeared Libraw
Libraw libraw
Weaknesses CWE-119
CWE-125
CPEs cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*
Vendors & Products Libraw
Libraw libraw
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Libraw Libraw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-03T19:54:38.805Z

Reserved: 2026-04-01T14:52:36.913Z

Link: CVE-2026-5342

cve-icon Vulnrichment

Updated: 2026-04-03T19:54:34.022Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-02T15:16:53.343

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-5342

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-02T14:30:14Z

Links: CVE-2026-5342 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:20:59Z

Weaknesses