Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 44 Luminance HDR Critical DoS LibRaw Update 2026-bef0050737

fedora
Calendar Grey April 13, 2026
Dist Fedora Esm H88
Luminance HDR on Fedora 44 addresses critical remote code execution risks via LibRaw updates. Ensure system security now.
LibRaw 0.22.1 and rebuilds Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other cleanup #5056 texture: Fix texture overb...

Summary

Luminance HDR is a graphical user interface (based on the Qt5 toolkit) that

provides a complete workflow for HDR imaging.

Supported HDR formats:

\u2022 OpenEXR (extension: exr)

\u2022 Radiance RGBE (extension: hdr)

\u2022 Tiff formats: 16bit, 32bit (float) and LogLuv (extension: tiff)

\u2022 Raw image formats (extension: various)

\u2022 PFS native format (extension: pfs)

Supported LDR formats:

\u2022 JPEG, PNG, PPM, PBM, TIFF, FITS

Supported features:

\u2022 Create an HDR file from a set of images (JPEG, TIFF 8bit and 16bit, RAW) of

the same scene taken at different exposure settings

\u2022 Save and load HDR files

\u2022 Rotate and resize HDR files

\u2022 Tonemap HDR images

\u2022 Projective Transformations

\u2022 Copy EXIF data between sets of images

\u2022 Supports internationalization

Raw image formats are supported - and treated as HDR - thanks to LibRAW.

The code is in part based on the existing open source packages:

\u2022 \u201cpfstools\u201d, \u201cpfstmo\u201d and \u201cpfscalibration\u201d by Grzegorz Krawczyk and Rafal

Mantiuk

\u2022 \u201cqpfstmo\u201d, by Nicholas Phillips.

Without their contribution all of this would have not been possible.

Update Information:

LibRaw 0.22.1 and rebuilds Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other cleanup #5056 texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal Lecocq) (3.1.12.0, 3.0.17.0) IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0) ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0) bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0, 3.0.17.0) heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64 #5095 (by Brecht Van Lommel) ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0, 3.0.17.0) jpeg: Improved safety and error reporting for jpeg and iptc #5081 jpeg2000: Suppress leak when reading with OpenJPH #5098 psd: Fixes against corrupt files with better validation #5089 (3.1.12.0, 3.0.17.0) rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0) tiff: ...

Topics%20covered

Topics Covered

security advisory denial of service fedora out-of-bounds CVE libraw

Change Log

* Wed Apr 8 2026 Gwyn Ciesla - 2.6.1.1-89 - Libraw rebuild * Sat Mar 14 2026 Benjamin A. Beasley - 2.6.1.1-88 - The ninja backend is the default now; don\u2019t bother specifying it

References


[ 1 ] Bug #2447841 - swayimg-.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2447841 [ 2 ] Bug #2451401 - swayimg-5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451401 [ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454235 [ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454464 [ 5 ] Bug #2455346 - LibRaw-0.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2455346 [ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456557

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: luminance-hdr
Product: Fedora 44
Version: 2.6.1.1
Release: 89.fc44
URL: http://qtpfsgui.sourceforge.net/
Summary: GUI that provides a complete workflow for HDR imaging

Topics%20covered

Topics Covered

security advisory denial of service fedora out-of-bounds CVE libraw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here