RLSA-2026:13284

Security

Mirrored from RHSA-2026:13284

Issued at: 2026-05-06

Updated at: 2026-05-06

Synopsis

Important: LibRaw security update

Description

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others).

Security Fix(es):

* LibRaw: LibRaw: Memory Corruption via Malicious File Processing (CVE-2026-24660)

* LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading (CVE-2026-21413)

* LibRaw: LibRaw: Arbitrary code execution via specially crafted image file (CVE-2026-20889)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 x86_64

Fixes

2455926

2455929

2455942

CVEs

CVE-2026-20889

CVE-2026-21413

CVE-2026-24660

Affected packages

Rocky Linux 8 x86_64 - AppStream

LibRaw-0:0.19.5-6.el8_10.i686.rpm

LibRaw-0:0.19.5-6.el8_10.src.rpm

LibRaw-0:0.19.5-6.el8_10.x86_64.rpm

LibRaw-debuginfo-0:0.19.5-6.el8_10.i686.rpm

LibRaw-debuginfo-0:0.19.5-6.el8_10.x86_64.rpm

LibRaw-debugsource-0:0.19.5-6.el8_10.i686.rpm

LibRaw-debugsource-0:0.19.5-6.el8_10.x86_64.rpm

Rocky Linux 8 x86_64 - PowerTools

LibRaw-devel-0:0.19.5-6.el8_10.i686.rpm

LibRaw-devel-0:0.19.5-6.el8_10.x86_64.rpm