CVE-2026-5318
Out-of-Bounds Write in LibRaw JPEG DHT Parser Allows Remote Attack
Publication date: 2026-04-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libraw | libraw | to 0.22.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details on how the vulnerability CVE-2026-5318 affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-5318 is a heap out-of-bounds write vulnerability in the LibRaw library, specifically in the function HuffTable::initval within the file src/decompressors/losslessjpeg.cpp. This function builds a Huffman lookup table from JPEG DHT (Define Huffman Table) segment data. The vulnerability arises because the code does not properly validate the number of writes against the allocated size of the Huffman table, which is based on attacker-controlled input arrays.
An attacker can craft a malformed JPEG DHT segment where the total number of writes to the Huffman table exceeds its allocated size, causing writes beyond the buffer boundary (heap buffer overflow). This can lead to memory corruption, crashes, or potentially arbitrary code execution.
The root cause is missing bounds checks on the index used to write into the Huffman table and lack of validation that the Huffman code distribution forms a valid prefix-free tree. The patch fixes this by adding boundary checks and validating the total writes before populating the table.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to cause heap memory corruption when processing specially crafted lossless JPEG images containing malformed DHT segments. This can lead to application crashes or potentially enable execution of arbitrary code within the context of the vulnerable application.
Since LibRaw is used in software that reads and processes RAW image files, any application relying on this library to handle such images could be exploited if it processes maliciously crafted files.
The exploit is publicly available, increasing the risk of attacks. Upgrading to LibRaw version 0.22.1 or later mitigates this risk by applying the necessary boundary checks and validations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from processing malformed JPEG DHT segments in RAW image files using the LibRaw library. Detection involves identifying attempts to process crafted or malformed lossless JPEG images that exploit the out-of-bounds write in the HuffTable::initval() function.
Since the vulnerability is triggered by specially crafted RAW image files containing malformed DHT segments, detection on a system can focus on monitoring or scanning for such suspicious files or attempts to open/process them.
There are no explicit commands provided in the resources for direct detection on a network or system. However, you can use tools like AddressSanitizer-enabled builds of LibRaw or the vulnerable application to test suspicious files and observe if heap-buffer-overflow errors occur.
For example, running the vulnerable LibRaw-based tool (like simple_dcraw) with AddressSanitizer enabled on suspicious TIFF or RAW files can reveal the vulnerability being triggered.
Additionally, monitoring for crashes or exceptions related to LibRaw's HuffTable::initval() function during image processing can indicate exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation step is to upgrade the LibRaw library to version 0.22.1 or later, where this vulnerability has been fixed.
The fix involves adding boundary checks in the HuffTable::initval() function to prevent out-of-bounds writes by validating the size of the Huffman table and the number of writes.
If upgrading immediately is not possible, avoid processing untrusted or suspicious RAW image files, especially those containing lossless JPEG segments with potentially malformed DHT data.
Applying the patch identified by commit a6734e867b19d75367c05f872ac26322464e3995 to your existing LibRaw source code is another mitigation if you maintain a custom build.