DEBIAN-CVE-2026-5342

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-5342

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-5342.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-5342

Upstream

CVE-2026-5342

Published

2026-04-02T15:16:53.343Z

Modified

2026-04-08T09:01:20.642849Z

Severity

5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikonloadpaddedpackedraw of the file src/decoders/decoderslibraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument loadflags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.

References

https://security-tracker.debian.org/tracker/CVE-2026-5342

Affected packages

Debian:11 / libraw

Package

Name: libraw
Purl: pkg:deb/debian/libraw?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.20.2-1

0.20.2-1+deb11u1

0.20.2-1+deb11u2

0.20.2-2

0.20.2-2.1

0.21.1-1

0.21.1-2

0.21.1-3

0.21.1-4

0.21.1-5

0.21.1-6

0.21.1-7

0.21.2-1

0.21.2-2

0.21.2-2.1~exp1

0.21.2-2.1

0.21.3-1

0.21.4-1

0.21.4-2

0.21.4-3~exp1

0.21.4-3~exp2

0.21.5b-1

0.22.0-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-5342.json"

Debian:12 / libraw

Package

Name: libraw
Purl: pkg:deb/debian/libraw?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.20.2-2.1

0.20.2-2.1+deb12u1

0.21.1-1

0.21.1-2

0.21.1-3

0.21.1-4

0.21.1-5

0.21.1-6

0.21.1-7

0.21.2-1

0.21.2-2

0.21.2-2.1~exp1

0.21.2-2.1

0.21.3-1

0.21.4-1

0.21.4-2

0.21.4-3~exp1

0.21.4-3~exp2

0.21.5b-1

0.22.0-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-5342.json"

Debian:13 / libraw

Package

Name: libraw
Purl: pkg:deb/debian/libraw?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.21.4-2

0.21.4-3~exp1

0.21.4-3~exp2

0.21.5b-1

0.22.0-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-5342.json"

Debian:14 / libraw

Package

Name: libraw
Purl: pkg:deb/debian/libraw?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.21.4-2

0.21.4-3~exp1

0.21.4-3~exp2

0.21.5b-1

0.22.0-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-5342.json"