{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5342", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-01T14:52:36.913Z", "datePublished": "2026-04-02T14:30:14.897Z", "dateUpdated": "2026-04-02T14:30:14.897Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T14:30:14.897Z"}, "title": "LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "LibRaw", "versions": [{"version": "0.1", "status": "affected"}, {"version": "0.2", "status": "affected"}, {"version": "0.3", "status": "affected"}, {"version": "0.4", "status": "affected"}, {"version": "0.5", "status": "affected"}, {"version": "0.6", "status": "affected"}, {"version": "0.7", "status": "affected"}, {"version": "0.8", "status": "affected"}, {"version": "0.9", "status": "affected"}, {"version": "0.10", "status": "affected"}, {"version": "0.11", "status": "affected"}, {"version": "0.12", "status": "affected"}, {"version": "0.13", "status": "affected"}, {"version": "0.14", "status": "affected"}, {"version": "0.15", "status": "affected"}, {"version": "0.16", "status": "affected"}, {"version": "0.17", "status": "affected"}, {"version": "0.18", "status": "affected"}, {"version": "0.19", "status": "affected"}, {"version": "0.20", "status": "affected"}, {"version": "0.21", "status": "affected"}, {"version": "0.22.0", "status": "affected"}, {"version": "0.22.1", "status": "unaffected"}], "cpes": ["cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"], "modules": ["TIFF/NEF"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-04-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-01T16:57:47.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "biniam (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354671", "name": "VDB-354671 | LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354671/cti", "name": "VDB-354671 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/781223", "name": "Submit #781223 | LibRaw 0.22.0 Out-of-Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LibRaw/LibRaw/issues/795", "tags": ["issue-tracking"]}, {"url": "https://github.com/LibRaw/LibRaw/issues/795#issuecomment-4073769886", "tags": ["issue-tracking"]}, {"url": "https://github.com/biniamf/pocs/tree/main/libraw_nikonpadded", "tags": ["exploit"]}, {"url": "https://github.com/LibRaw/LibRaw/commit/b8397cd45657b84e88bd1202528d1764265f185c", "tags": ["patch"]}, {"url": "https://github.com/LibRaw/LibRaw/", "tags": ["product"]}], "tags": ["x_open-source"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component."}], "id": "CVE-2026-5342", "lastModified": "2026-04-02T15:16:53.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:53.343", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/LibRaw/LibRaw/"}, {"source": "cna@vuldb.com", "url": "https://github.com/LibRaw/LibRaw/commit/b8397cd45657b84e88bd1202528d1764265f185c"}, {"source": "cna@vuldb.com", "url": "https://github.com/LibRaw/LibRaw/issues/795"}, {"source": "cna@vuldb.com", "url": "https://github.com/LibRaw/LibRaw/issues/795#issuecomment-4073769886"}, {"source": "cna@vuldb.com", "url": "https://github.com/biniamf/pocs/tree/main/libraw_nikonpadded"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/781223"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354671"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354671/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.18"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.19"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.20"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0.21"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.22.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "0.22.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "LibRaw", "source": "cna", "vendor": "n/a"}, "product": "libraw", "vendor": "libraw"}], "analysis": {"en": {"generated_at": "2026-04-02T15:50:41.333298+00:00", "value": {"mitigation_remediation": ["Upgrade LibRaw to version 0.22.1 or later, which contains a patch for the out\u2011of\u2011bounds read in nikon_load_padded_packed_raw.", "Verify the library version post\u2011upgrade by checking the released version string or querying the application\u2019s version interface.", "If an upgrade is not immediately possible, configure the application or library to reject or skip Nikon padded packed RAW files, thereby preventing the vulnerable decoding path.", "Continuously monitor the LibRaw GitHub repository and security advisories for further updates or additional mitigations."], "summary": {"action": "Patch Now", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Any installation of LibRaw version 0.22.0 or earlier is vulnerable. This includes developers and applications that link against LibRaw to process Nikon RAW images and other libraries that embed LibRaw for image decoding.", "description_and_impact": "The LibRaw library, widely used for decoding camera RAW files, contains a flaw in its Nikon padded packed RAW decoder (nikon_load_padded_packed_raw) inside the TIFF/NEF component. By providing a specially crafted image with manipulated load_flags or raw_width values, an attacker can trigger an out\u2011of\u2011bounds read, allowing the program to read data beyond the intended buffer. While the current published exploit only demonstrates a memory disclosure, the vulnerability could be combined with other techniques to potentially reach remote code execution if additional memory corruption is achieved.", "risk_and_exploitability": "The vulnerability carries a medium CVSS score of 6.9 and has been demonstrated as exploitable over the network. The EPSS score is not available, and it is not listed in the CISA KEV catalog. Attackers can remotely supply a malicious image to trigger the out\u2011of\u2011bounds read, making the risk fairly tangible for services that accept untrusted image uploads. The impact could range from exposure of sensitive data to a potential compromise if additional weaknesses are leveraged."}}}}, "created": "2026-04-02T20:12:19.168357+00:00", "updated": "2026-04-02T20:20:59.820794+00:00", "vendors": ["libraw", "libraw$PRODUCT$libraw"]}