CVE-2026-24808

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-24808

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24808.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-24808

Downstream

DEBIAN-CVE-2026-24808

UBUNTU-CVE-2026-24808

Published

2026-01-27T09:15:51.023Z

Modified

2026-01-29T06:51:30.689956Z

Severity

8.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Amber CVSS Calculator

Summary

[none]

Details

Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc.

This issue affects RawTherapee: through 5.11.

References

https://github.com/RawTherapee/RawTherapee/pull/7359

Affected packages

Git / github.com/rawtherapee/rawtherapee

Affected ranges

Type: GIT
Repo: https://github.com/rawtherapee/rawtherapee
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

db575c6690d30ce6428c0e1383bec8b8f1fb8d21

Affected versions

3.*

3.0A1

3.0A2

3.0B1

3.1.1

4.*

4.0.0

4.0.1

4.0.10

4.0.11

4.0.12

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.1

4.2

5.*

5.0-gtk2

5.0-gtk3

5.0-r1-gtk2

5.0-r1-gtk3

5.1

5.1-rc1

5.10

5.10-rc1

5.11

5.11-rc1

5.2

5.3

5.3-rc1

5.4

5.4-rc1

5.4-rc2

5.4-rc3

5.5

5.5-rc1

5.5-rc2

5.6

5.6-rc1

5.6-rc2

5.7

5.8

5.9

5.9-rc1

Dev-3.*

Dev-3.0

Dev-3.1

Dev-3.1m1

Dev-3.1m2

Dev-3.1m3

Dev-3.1m4

Dev-3.1m5

Dev-3.1m6

Other

Dev-Darkframe

Dev-Defloat

nightly-github-actions

pre-dev-github-actions

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24808.json"