CVE-2026-5342
Received Received - Intake
Out-of-Bounds Read in LibRaw TIFF/NEF Allows Remote Exploit

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5342
EUVD
EUVD-2026-18344
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libraw libraw to 0.22.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5342 is a heap out-of-bounds read vulnerability in the LibRaw library, specifically in the function LibRaw::nikon_load_padded_packed_raw() located in src/decoders/decoders_libraw.cpp.

The vulnerability occurs because the function allocates a buffer based on the metadata field load_flags but then reads image data using loop bounds derived from another metadata field, raw_width, without validating that the buffer size is sufficient for this access.

This lack of validation means that if a crafted TIFF/NEF file contains inconsistent load_flags and raw_width metadata, the function can read beyond the allocated buffer, causing a heap-buffer-overflow.

The issue can be triggered remotely by processing specially crafted Nikon RAW files, and an exploit has been published.

The vulnerability is fixed by adding a validation check to ensure the buffer size is sufficient before reading, and by recalculating the padded row size accurately to prevent out-of-bounds access.

Impact Analysis

This vulnerability can lead to a heap out-of-bounds read when processing crafted Nikon RAW image files using the LibRaw library.

The impact includes potential application crashes or abnormal behavior due to reading memory beyond allocated buffers.

While the vulnerability does not directly affect confidentiality, integrity, or availability in a broad sense, it can cause denial of service by crashing the application.

Because the exploit can be triggered remotely by supplying malicious image files, any system or application using vulnerable versions of LibRaw to process such files is at risk.

Upgrading to LibRaw version 0.22.1 or later mitigates this issue.

Detection Guidance

This vulnerability can be detected by testing the LibRaw library's handling of Nikon RAW files, specifically by using a crafted TIFF/NEF file that triggers the out-of-bounds read in the function LibRaw::nikon_load_padded_packed_raw().

A proof of concept (PoC) file named poc_nikonpadded_oob.tif has been used to detect this vulnerability.

Detection can be performed by running the LibRaw binary (such as simple_dcraw) compiled with AddressSanitizer and Undefined Behavior Sanitizer on the PoC file. The sanitizer will report a heap-buffer-overflow due to reading beyond the allocated buffer.

  • Compile simple_dcraw with AddressSanitizer and Undefined Behavior Sanitizer enabled.
  • Run the command: ./simple_dcraw poc_nikonpadded_oob.tif
  • Observe sanitizer output for heap-buffer-overflow errors indicating the vulnerability.
Mitigation Strategies

The primary mitigation step is to upgrade the LibRaw library to version 0.22.1 or later, where this vulnerability has been fixed.

The fix involves adding validation checks to ensure the buffer size allocated matches the expected size based on image metadata, preventing out-of-bounds reads.

Specifically, the patch recalculates the padded row size accurately and validates it before allocation and reading, preventing exploitation.

  • Upgrade LibRaw to version 0.22.1 or newer.
  • If upgrading is not immediately possible, apply the patch identified by commit b8397cd45657b84e88bd1202528d1764265f185c to the affected source code.
  • Avoid processing untrusted or suspicious TIFF/NEF files until the fix is applied.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart