CVE-2026-5318
Received Received - Intake
Out-of-Bounds Write in LibRaw JPEG DHT Parser Allows Remote Attack

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5318
EUVD
EUVD-2026-18116
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libraw libraw to 0.22.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not include any details on how the vulnerability CVE-2026-5318 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-5318 is a heap out-of-bounds write vulnerability in the LibRaw library, specifically in the function HuffTable::initval within the file src/decompressors/losslessjpeg.cpp. This function builds a Huffman lookup table from JPEG DHT (Define Huffman Table) segment data. The vulnerability arises because the code does not properly validate the number of writes against the allocated size of the Huffman table, which is based on attacker-controlled input arrays.

An attacker can craft a malformed JPEG DHT segment where the total number of writes to the Huffman table exceeds its allocated size, causing writes beyond the buffer boundary (heap buffer overflow). This can lead to memory corruption, crashes, or potentially arbitrary code execution.

The root cause is missing bounds checks on the index used to write into the Huffman table and lack of validation that the Huffman code distribution forms a valid prefix-free tree. The patch fixes this by adding boundary checks and validating the total writes before populating the table.

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to cause heap memory corruption when processing specially crafted lossless JPEG images containing malformed DHT segments. This can lead to application crashes or potentially enable execution of arbitrary code within the context of the vulnerable application.

Since LibRaw is used in software that reads and processes RAW image files, any application relying on this library to handle such images could be exploited if it processes maliciously crafted files.

The exploit is publicly available, increasing the risk of attacks. Upgrading to LibRaw version 0.22.1 or later mitigates this risk by applying the necessary boundary checks and validations.

Detection Guidance

This vulnerability arises from processing malformed JPEG DHT segments in RAW image files using the LibRaw library. Detection involves identifying attempts to process crafted or malformed lossless JPEG images that exploit the out-of-bounds write in the HuffTable::initval() function.

Since the vulnerability is triggered by specially crafted RAW image files containing malformed DHT segments, detection on a system can focus on monitoring or scanning for such suspicious files or attempts to open/process them.

There are no explicit commands provided in the resources for direct detection on a network or system. However, you can use tools like AddressSanitizer-enabled builds of LibRaw or the vulnerable application to test suspicious files and observe if heap-buffer-overflow errors occur.

For example, running the vulnerable LibRaw-based tool (like simple_dcraw) with AddressSanitizer enabled on suspicious TIFF or RAW files can reveal the vulnerability being triggered.

Additionally, monitoring for crashes or exceptions related to LibRaw's HuffTable::initval() function during image processing can indicate exploitation attempts.

Mitigation Strategies

The primary and recommended mitigation step is to upgrade the LibRaw library to version 0.22.1 or later, where this vulnerability has been fixed.

The fix involves adding boundary checks in the HuffTable::initval() function to prevent out-of-bounds writes by validating the size of the Huffman table and the number of writes.

If upgrading immediately is not possible, avoid processing untrusted or suspicious RAW image files, especially those containing lossless JPEG segments with potentially malformed DHT data.

Applying the patch identified by commit a6734e867b19d75367c05f872ac26322464e3995 to your existing LibRaw source code is another mitigation if you maintain a custom build.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5318. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart