Fedora 43 mingw-LibRaw Critical CVE Backport for Arbitrary Execution

fedora

April 18, 2026

Backport patch for CVE-2026-20884

Summary

MinGW Windows LibRaw library.

Update Information:

Backport patch for CVE-2026-20884. Backport fixes for CVE-2026-20889 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660 Update to libraw-0.21.5.

Topics Covered

security advisory fedora important arbitrary execution CVE libraw

Change Log

* Thu Apr 9 2026 Sandro Mani - 0.21.5-3 - Backport patch for CVE-2026-20884 * Wed Apr 8 2026 Sandro Mani - 0.21.5-2 - Backport fixes for CVE-2026-20889 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660 * Thu Apr 2 2026 Sandro Mani - 0.21.5-1 - Update to 0.21.5

References

[ 1 ] Bug #2456057 - CVE-2026-24450 mingw-LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456057 [ 2 ] Bug #2456240 - CVE-2026-21413 mingw-LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456240 [ 3 ] Bug #2456243 - CVE-2026-20889 mingw-LibRaw: LibRaw: Arbitrary code execution via specially crafted image file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456243 [ 4 ] Bug #2456245 - CVE-2026-24660 mingw-LibRaw: LibRaw: Memory Corruption via Malicious File Processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456245 [ 5 ] Bug #2456561 - CVE-2026-20884 mingw-LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456561

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-635a001215' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

important

Lowest

Low

Medium

High

Critical

Name: mingw-LibRaw

Product: Fedora 43

Version: 0.21.5

Release: 3.fc43

URL: http://www.libraw.org

Summary: Library for reading RAW files obtained from digital photo cameras

Topics Covered

security advisory fedora important arbitrary execution CVE libraw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 43 mingw-LibRaw Critical CVE Backport for Arbitrary Execution

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 43 mingw-LibRaw Critical CVE Backport for Arbitrary Execution

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!