Packages
- libraw - raw image decoder library
Details
It was discovered that LibRaw incorrectly handled certain Nikon RAW image
files. An attacker could possibly use this issue to cause LibRaw to crash,
resulting in a denial of service. (CVE-2026-5342)
It was discovered that LibRaw had an integer overflow in its DNG image
loader. An attacker could possibly use this issue to cause LibRaw to
crash, resulting in a denial of service, or execute arbitrary code.
(CVE-2026-20884)
It was discovered that LibRaw incorrectly handled certain X3F thumbnail
data. An attacker could possibly use this issue to cause LibRaw to crash,
resulting in a denial of service, or execute arbitrary code.
(CVE-2026-20889)
It was discovered that LibRaw had a heap-based buffer overflow in its
lossless JPEG image loader. An attacker could possibly use this issue to
cause LibRaw to crash,...
It was discovered that LibRaw incorrectly handled certain Nikon RAW image
files. An attacker could possibly use this issue to cause LibRaw to crash,
resulting in a denial of service. (CVE-2026-5342)
It was discovered that LibRaw had an integer overflow in its DNG image
loader. An attacker could possibly use this issue to cause LibRaw to
crash, resulting in a denial of service, or execute arbitrary code.
(CVE-2026-20884)
It was discovered that LibRaw incorrectly handled certain X3F thumbnail
data. An attacker could possibly use this issue to cause LibRaw to crash,
resulting in a denial of service, or execute arbitrary code.
(CVE-2026-20889)
It was discovered that LibRaw had a heap-based buffer overflow in its
lossless JPEG image loader. An attacker could possibly use this issue to
cause LibRaw to crash, resulting in a denial of service, or execute
arbitrary code. (CVE-2026-21413)
It was discovered that LibRaw had an integer overflow in its uncompressed
floating-point DNG image loader. An attacker could possibly use this issue
to cause LibRaw to crash, resulting in a denial of service, or execute
arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04.
(CVE-2026-24450)
It was discovered that LibRaw had a heap-based buffer overflow in its X3F
Huffman decoder. An attacker could possibly use this issue to cause LibRaw
to crash, resulting in a denial of service, or execute arbitrary code.
(CVE-2026-24660)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | libraw-bin – 0.21.5b-1ubuntu1.1 | ||
| libraw23t64 – 0.21.5b-1ubuntu1.1 | |||
| 24.04 LTS noble | libraw-bin – 0.21.2-2.1ubuntu0.24.04.2 | ||
| libraw23t64 – 0.21.2-2.1ubuntu0.24.04.2 | |||
| 22.04 LTS jammy | libraw-bin – 0.20.2-2ubuntu2.22.04.3 | ||
| libraw20 – 0.20.2-2ubuntu2.22.04.3 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.