[Git][security-tracker-team/security-tracker][master] Track fixes in 0.22.1 for libraw issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 11 14:05:11 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79630923 by Salvatore Bonaccorso at 2026-05-11T15:04:40+02:00
Track fixes in 0.22.1 for libraw issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20073,10 +20073,12 @@ CVE-2026-24660 (A heap-based buffer overflow vulnerability exists in the x3f_loa
 	- libraw 0.22.1-1 (bug #1133845)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359
 	NOTE: https://github.com/LibRaw/LibRaw/commit/a4a0ab69d286c7638741e70a11f04fb3d7b49db2
+	NOTE: https://github.com/LibRaw/LibRaw/commit/ac151a829b8d3e4c74fa3aefa8a029c3cc3f857f (0.22.1)
 CVE-2026-24450 (An integer overflow vulnerability exists in the uncompressed_fp_dng_lo ...)
 	- libraw 0.22.1-1 (bug #1133845)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363
 	NOTE: https://github.com/LibRaw/LibRaw/commit/a58727c1a3cfef4101700e546a6a661c6a299d97
+	NOTE: https://github.com/LibRaw/LibRaw/commit/c911c9b9edffa5fab99f828d0fee6dd2d0f6105f (0.22.1)
 CVE-2026-24175 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
 	NOT-FOR-US: NVIDIA
 CVE-2026-24174 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
@@ -20109,18 +20111,22 @@ CVE-2026-21413 (A heap-based buffer overflow vulnerability exists in the lossles
 	- libraw 0.22.1-1 (bug #1133845)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331
 	NOTE: https://github.com/LibRaw/LibRaw/commit/32c7b783de262f21fa5e3f58a59031edf23ab3cb
+	NOTE: https://github.com/LibRaw/LibRaw/commit/75ed2c12a35b765b3b6ad695cc1f044f19efe644 (0.22.1)
 CVE-2026-20911 (A heap-based buffer overflow vulnerability exists in the HuffTable::in ...)
 	- libraw 0.22.1-1 (bug #1133845)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330
 	NOTE: https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
+	NOTE: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b (0.22.1)
 CVE-2026-20889 (A heap-based buffer overflow vulnerability exists in the x3f_thumb_loa ...)
 	- libraw 0.22.1-1 (bug #1133845)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358
 	NOTE: https://github.com/LibRaw/LibRaw/commit/657b68d20456eaeb9639976f328827195ff41383
+	NOTE: https://github.com/LibRaw/LibRaw/commit/b9809e410d07ca7bf408e6d036615fb34f8c47cc (0.22.1)
 CVE-2026-20884 (An integer overflow vulnerability exists in the deflate_dng_load_raw f ...)
 	- libraw 0.22.1-1 (bug #1133845)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364
 	NOTE: https://github.com/LibRaw/LibRaw/commit/39873163faa29ed5dfc3bb5aab1b46ed807b210f
+	NOTE: https://github.com/LibRaw/LibRaw/commit/aa4458eb511daeae90676c1ce5c587106e4aaec1 (0.22.1)
 CVE-2026-1079 (A native messaging host vulnerability in Pega Browser Extension (PBE)  ...)
 	NOT-FOR-US: Pega Browser Extension (PBE)
 CVE-2026-1078 (An arbitrary file-write vulnerability in Pega Browser Extension (PBE)  ...)
@@ -22138,6 +22144,7 @@ CVE-2026-5342 (A flaw has been found in LibRaw up to 0.22.0. This affects the fu
 	[bullseye] - libraw <postponed> (Minor issue)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/795
 	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/b8397cd45657b84e88bd1202528d1764265f185c
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/2468614a9cbcab6b75ca279ab60cac62156f7aeb (0.22.1)
 CVE-2026-5339 (A vulnerability was detected in Tenda G103 1.0.0.5. The impacted eleme ...)
 	NOT-FOR-US: Tenda
 CVE-2026-5338 (A security vulnerability has been detected in Tenda G103 1.0.0.5. The  ...)
@@ -22725,6 +22732,7 @@ CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This impac
 	- libraw 0.22.1-1 (bug #1132655)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/794
 	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b (0.22.1)
 CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. This a ...)
 	- libstb <unfixed> (bug #1134888)
 	[trixie] - libstb <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79630923cf4033235f89cccde5212125363f6dbc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79630923cf4033235f89cccde5212125363f6dbc
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260511/638eb757/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list