{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5318", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-01T12:43:19.844Z", "datePublished": "2026-04-02T01:45:12.421Z", "dateUpdated": "2026-04-03T19:48:59.933Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T01:45:12.421Z"}, "title": "LibRaw JPEG DHT losslessjpeg.cpp initval out-of-bounds write", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "Out-of-bounds Write"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "LibRaw", "versions": [{"version": "0.1", "status": "affected"}, {"version": "0.2", "status": "affected"}, {"version": "0.3", "status": "affected"}, {"version": "0.4", "status": "affected"}, {"version": "0.5", "status": "affected"}, {"version": "0.6", "status": "affected"}, {"version": "0.7", "status": "affected"}, {"version": "0.8", "status": "affected"}, {"version": "0.9", "status": "affected"}, {"version": "0.10", "status": "affected"}, {"version": "0.11", "status": "affected"}, {"version": "0.12", "status": "affected"}, {"version": "0.13", "status": "affected"}, {"version": "0.14", "status": "affected"}, {"version": "0.15", "status": "affected"}, {"version": "0.16", "status": "affected"}, {"version": "0.17", "status": "affected"}, {"version": "0.18", "status": "affected"}, {"version": "0.19", "status": "affected"}, {"version": "0.20", "status": "affected"}, {"version": "0.21", "status": "affected"}, {"version": "0.22.0", "status": "affected"}, {"version": "0.22.1", "status": "unaffected"}], "cpes": ["cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"], "modules": ["JPEG DHT Parser"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-04-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-01T16:18:30.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "biniam (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354650", "name": "VDB-354650 | LibRaw JPEG DHT losslessjpeg.cpp initval out-of-bounds write", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354650/cti", "name": "VDB-354650 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780538", "name": "Submit #780538 | LibRaw 0.22.0 Out-of-bounds Write", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LibRaw/LibRaw/issues/794", "tags": ["issue-tracking"]}, {"url": "https://github.com/LibRaw/LibRaw/issues/794#issuecomment-4065342499", "tags": ["issue-tracking"]}, {"url": "https://github.com/biniamf/pocs/tree/main/libraw_lljpeg", "tags": ["exploit"]}, {"url": "https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995", "tags": ["patch"]}, {"url": "https://github.com/LibRaw/LibRaw/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T19:48:49.260199Z", "id": "CVE-2026-5318", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T19:48:59.933Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5318", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T19:48:49.260199Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T19:48:54.987Z"}}], "cna": {"tags": ["x_open-source"], "title": "LibRaw JPEG DHT losslessjpeg.cpp initval out-of-bounds write", "credits": [{"lang": "en", "type": "reporter", "value": "biniam (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["JPEG DHT Parser"], "product": "LibRaw", "versions": [{"status": "affected", "version": "0.1"}, {"status": "affected", "version": "0.2"}, {"status": "affected", "version": "0.3"}, {"status": "affected", "version": "0.4"}, {"status": "affected", "version": "0.5"}, {"status": "affected", "version": "0.6"}, {"status": "affected", "version": "0.7"}, {"status": "affected", "version": "0.8"}, {"status": "affected", "version": "0.9"}, {"status": "affected", "version": "0.10"}, {"status": "affected", "version": "0.11"}, {"status": "affected", "version": "0.12"}, {"status": "affected", "version": "0.13"}, {"status": "affected", "version": "0.14"}, {"status": "affected", "version": "0.15"}, {"status": "affected", "version": "0.16"}, {"status": "affected", "version": "0.17"}, {"status": "affected", "version": "0.18"}, {"status": "affected", "version": "0.19"}, {"status": "affected", "version": "0.20"}, {"status": "affected", "version": "0.21"}, {"status": "affected", "version": "0.22.0"}, {"status": "unaffected", "version": "0.22.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-01T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-01T16:18:30.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354650", "name": "VDB-354650 | LibRaw JPEG DHT losslessjpeg.cpp initval out-of-bounds write", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354650/cti", "name": "VDB-354650 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780538", "name": "Submit #780538 | LibRaw 0.22.0 Out-of-bounds Write", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LibRaw/LibRaw/issues/794", "tags": ["issue-tracking"]}, {"url": "https://github.com/LibRaw/LibRaw/issues/794#issuecomment-4065342499", "tags": ["issue-tracking"]}, {"url": "https://github.com/biniamf/pocs/tree/main/libraw_lljpeg", "tags": ["exploit"]}, {"url": "https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995", "tags": ["patch"]}, {"url": "https://github.com/LibRaw/LibRaw/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T01:45:12.421Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5318", "state": "PUBLISHED", "dateUpdated": "2026-04-03T19:48:59.933Z", "dateReserved": "2026-04-01T12:43:19.844Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-02T01:45:12.421Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component."}], "id": "CVE-2026-5318", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-02T03:16:07.080", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/LibRaw/LibRaw/"}, {"source": "cna@vuldb.com", "url": "https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995"}, {"source": "cna@vuldb.com", "url": "https://github.com/LibRaw/LibRaw/issues/794"}, {"source": "cna@vuldb.com", "url": "https://github.com/LibRaw/LibRaw/issues/794#issuecomment-4065342499"}, {"source": "cna@vuldb.com", "url": "https://github.com/biniamf/pocs/tree/main/libraw_lljpeg"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/780538"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354650"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354650/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-787"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser", "id": "2454185", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454185"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in LibRaw. A remote attacker could exploit this vulnerability by manipulating the 'bits[]' argument within the 'HuffTable::initval' function of the JPEG DHT Parser component. This manipulation leads to an out-of-bounds write, which can result in a Denial of Service (DoS) condition, making the affected system or application unavailable. An exploit for this vulnerability has been made public."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-5318", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libraw1394", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "LibRaw", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-02T01:45:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5318\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5318\nhttps://github.com/LibRaw/LibRaw/\nhttps://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995\nhttps://github.com/LibRaw/LibRaw/issues/794\nhttps://github.com/LibRaw/LibRaw/issues/794#issuecomment-4065342499\nhttps://github.com/biniamf/pocs/tree/main/libraw_lljpeg\nhttps://vuldb.com/submit/780538\nhttps://vuldb.com/vuln/354650\nhttps://vuldb.com/vuln/354650/cti"], "statement": "This Moderate impact flaw in LibRaw's JPEG DHT Parser could lead to a Denial of Service. A remote attacker could trigger an out-of-bounds write by providing a specially crafted JPEG image to an application utilizing LibRaw. This vulnerability affects Red Hat Enterprise Linux versions that include LibRaw.", "threat_severity": "Moderate"}