LibRaw-0.19.5-6.el8_10

エラータID: AXSA:2026-557:02

リリース日: 
2026/05/07 Thursday - 15:30
題名: 
LibRaw-0.19.5-6.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others).

Security Fix(es):

* LibRaw: LibRaw: Memory Corruption via Malicious File Processing (CVE-2026-24660)
* LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading (CVE-2026-21413)
* LibRaw: LibRaw: Arbitrary code execution via specially crafted image file (CVE-2026-20889)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-20889
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-21413
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-24660
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

解決策: 

Update packages.

CVE: 
CVE-2026-20889
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-21413
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2026-24660
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. LibRaw-0.19.5-6.el8_10.src.rpm
    MD5: c0bc9ab9a3ac24cff30671e1b4067be8
    SHA-256: d82e8363adb24bc8fb36e5dc18b7ccf2bef5548ee16116284900daea571d39c3
    Size: 1.27 MB

Asianux Server 8 for x86_64
  1. LibRaw-0.19.5-6.el8_10.i686.rpm
    MD5: dda89b907ae91ea11c5a40528847ad4e
    SHA-256: 7abc29898537d1d6b6b1675eac9e2ae8dbc365ed3ba4c6fa7dbe15990735aaf6
    Size: 336.84 kB
  2. LibRaw-0.19.5-6.el8_10.x86_64.rpm
    MD5: cc30e4d8ee20c728b60e29a353b96854
    SHA-256: 830dc8eaeed40bbf337bf47309b13f3f1e7fe7b00758e389bc2c989e5c455c61
    Size: 315.71 kB
  3. LibRaw-devel-0.19.5-6.el8_10.i686.rpm
    MD5: 0bf0de888029c75bdad3ee1191bdfc70
    SHA-256: adaa6abe4b19623644d5db5dcacb84a0d01227800731ba158d94923400166515
    Size: 88.92 kB
  4. LibRaw-devel-0.19.5-6.el8_10.x86_64.rpm
    MD5: 86bafda8cd8b7ce4be8588d26a0d6823
    SHA-256: 85ce714925e426b7d6510cb3ad0167fd31c1fd1b0e6dafe99c549afe7750cd38
    Size: 88.91 kB