CVE-2026-24450

Publish date: April 9, 2026
Severity: Critical
CVSS score: 9.8
Package: libraw
Affected versions: >= 0.21.4-2, < 0.21.4-2+e1

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw, specifically in commit 8dc68e2. A specially crafted malicious file can trigger the overflow, which may lead to a heap buffer overflow. An attacker can provide such a file to trigger this vulnerability.