CVE-2026-24808
- Source
- https://cve.org/CVERecord?id=CVE-2026-24808
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24808.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24808
- Downstream
- Published
- 2026-01-27T09:15:51.023Z
- Modified
- 2026-03-13T04:10:23.313482Z
- Severity
-
- 8.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Amber CVSS Calculator
- Summary
- [none]
- Details
-
Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc.
This issue affects RawTherapee: through 5.11.
- References
Affected packages
Git / github.com/RawTherapee/RawTherapee
Affected versions
3.*
3.0A1
3.0A2
3.0B1
3.1.1
4.*
4.0.0
4.0.1
4.0.10
4.0.11
4.0.12
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1
4.2
5.*
5.0-gtk2
5.0-gtk3
5.0-r1-gtk2
5.0-r1-gtk3
5.1
5.1-rc1
5.10
5.10-rc1
5.11
5.11-rc1
5.2
5.3
5.3-rc1
5.4
5.4-rc1
5.4-rc2
5.4-rc3
5.5
5.5-rc1
5.5-rc2
5.6
5.6-rc1
5.6-rc2
5.7
5.8
5.9
5.9-rc1
Dev-3.*
Dev-3.0
Dev-3.1
Dev-3.1m1
Dev-3.1m2
Dev-3.1m3
Dev-3.1m4
Dev-3.1m5
Dev-3.1m6
Other
Dev-Darkframe
Dev-Defloat
nightly-github-actions
pre-dev-github-actions