Bug 2454185 (CVE-2026-5318) - CVE-2026-5318 LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser
Keywords:
Status: NEW
Alias: CVE-2026-5318
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2454221 2454222 2454225 2454228 2454231 2454232 2454233 2454235
Blocks:
Reported: 2026-04-02 03:01 UTC by OSIDB Bzimport
Modified: 2026-04-02 10:09 UTC

Description OSIDB Bzimport 2026-04-02 03:01:45 UTC
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes an out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.