CVE-2026-20884

Publish date: April 9, 2026
Severity: Critical
CVSS score: 9.8
Package: libraw
Affected versions: >= 0.21.4-2

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw, specifically in commit 8dc68e2. A specially crafted malicious file may lead to a heap buffer overflow. An attacker can exploit this vulnerability by providing such a file.