LibRaw-0.21.1-2.el9_7

エラータID: AXSA:2026-528:01

Release date: 
Monday, May 4, 2026 - 11:08
Subject: 
LibRaw-0.21.1-2.el9_7
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others).

Security Fix(es):

* LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file (CVE-2026-24450)
* LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading (CVE-2026-21413)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-21413
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-24450
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Solution: 

Update packages.

CVEs: 
CVE-2026-21413
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-24450
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. LibRaw-0.21.1-2.el9_7.src.rpm
    MD5: 99be59fe3f5bb45ba54f774b68f28586
    SHA-256: 45df5c99ecf8fbbec85553e40b86d643c87270cadec26e2ea65df1c3169c467c
    Size: 565.37 kB

Asianux Server 9 for x86_64
  1. LibRaw-0.21.1-2.el9_7.i686.rpm
    MD5: 11056d57ce0e8bf786ab43cf9af0003a
    SHA-256: 20f464ab9dcf77b6597373919a3ed401aae93a7188f644ef11995bc07fda413e
    Size: 432.30 kB
  2. LibRaw-0.21.1-2.el9_7.x86_64.rpm
    MD5: b5d23548759fa335017ec481d6c57f2b
    SHA-256: 028ee1f74631a86be4faf61c88521b865f8ec187e3a317faf03f380c0e0bc6b5
    Size: 407.41 kB
  3. LibRaw-devel-0.21.1-2.el9_7.i686.rpm
    MD5: dc2357918e4e8c79873322a43716f336
    SHA-256: 1ea2941ecf041ca7c3f81d2c89e6ca594f165d3ed451a8feb6be1e845d0c9100
    Size: 102.26 kB
  4. LibRaw-devel-0.21.1-2.el9_7.x86_64.rpm
    MD5: 6e234f3b65dbad1c14131fa498398634
    SHA-256: 0e252e0e48272756bd5c6ddabc84b679aaa50225589d80e36b37f042608c71cf
    Size: 102.33 kB