CVE-2026-5342 PUBLISHED

LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds

Assigner: VulDB
Reserved: 01.04.2026 Published: 02.04.2026 Updated: 02.04.2026

A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 6.9

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.0

CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
CVSS Score: 5

Access Vector	Network	Confidentiality Impact	None
Access Complexity	Low	Integrity Impact	None
Authentication	None	Availability Impact	Partial

CVSS 2.0

Product Status

Vendor	n/a
Product	LibRaw
Versions	Version 0.1 is affected Version 0.2 is affected Version 0.3 is affected Version 0.4 is affected Version 0.5 is affected Version 0.6 is affected Version 0.7 is affected Version 0.8 is affected Version 0.9 is affected Version 0.10 is affected Version 0.11 is affected Version 0.12 is affected Version 0.13 is affected Version 0.14 is affected Version 0.15 is affected Version 0.16 is affected Version 0.17 is affected Version 0.18 is affected Version 0.19 is affected Version 0.20 is affected Version 0.21 is affected Version 0.22.0 is affected Version 0.22.1 is unaffected

CVE-2026-5342 PUBLISHED

LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds

Metrics

Product Status

Credits

References

Problem Types