DEBIAN-CVE-2026-24808

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2026-24808
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-24808.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-24808
Upstream
Published
2026-01-27T09:15:51.023Z
Modified
2026-02-05T14:00:55.951161Z
Severity
  • 8.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Amber CVSS Calculator
Summary
[none]
Details

Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11.

References

Affected packages

Debian:11 / rawtherapee

Package

Name
rawtherapee
Purl
pkg:deb/debian/rawtherapee?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*
5.8-3
5.8-4
5.9-1
5.9-2
5.10-1
5.11-1
5.11-2
5.12-1
5.12-2

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-24808.json"

Debian:12 / rawtherapee

Package

Name
rawtherapee
Purl
pkg:deb/debian/rawtherapee?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*
5.9-1
5.9-2
5.10-1
5.11-1
5.11-2
5.12-1
5.12-2

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-24808.json"

Debian:13 / rawtherapee

Package

Name
rawtherapee
Purl
pkg:deb/debian/rawtherapee?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*
5.11-2
5.12-1
5.12-2

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-24808.json"

Debian:14 / rawtherapee

Package

Name
rawtherapee
Purl
pkg:deb/debian/rawtherapee?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.12-1

Affected versions

5.*
5.11-2

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-24808.json"