In LibRaw, there is an out-of-bounds write vulnerability within the "newnode()" function (libraw\src\x3f\x3futils_patched.cpp) that can be triggered via a crafted X3F file.
{ "urgency": "not yet assigned" }