openSUSE Leap 16.0 libraw Key Buffer Overflow Fix Advisory 2026-20574-1

April 21, 2026
Critical update resolves multiple important issues in libraw for openSUSE Leap 16.0, including buffer overflows.
An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.

Description

This update for libraw fixes the following issues:

- CVE-2026-5342: a crafted TIFF/NEF file can cause an out-of-bounds read (bsc#1261499).

- CVE-2026-20884: integer overflow vulnerability in deflate_dng_load_raw (bsc#1261671).

- CVE-2026-20889: heap-based buffer overflow vulnerability in x3f_thumb_loader (bsc#1261672).

- CVE-2026-20911: heap-based buffer overflow vulnerability in HuffTable: initval (bsc#1261673).

- CVE-2026-21413: heap-based buffer overflow vulnerability in lossless_jpeg_load_raw (bsc#1261674).

- CVE-2026-24450: integer overflow vulnerability in uncompressed_fp_dng_load_raw (bsc#1261675).

- CVE-2026-24660: heap-based buffer overflow vulnerability in x3f_load_huffman (bsc#1261676).

Patch instructions:

To install this openSUSE security update, use the SUSE-recommended installation methods, such as YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch...

Package List

- openSUSE Leap 16.0:

libraw-devel-0.21.4-160000.3.1

libraw-devel-static-0.21.4-160000.3.1

libraw-tools-0.21.4-160000.3.1

libraw23-0.21.4-160000.3.1

References

* bsc#1261499

* bsc#1261671

* bsc#1261672

* bsc#1261673

* bsc#1261674

* bsc#1261675

* bsc#1261676

* https://www.suse.com/security/cve/CVE-2026-20884.html

* https://www.suse.com/security/cve/CVE-2026-20889.html

* https://www.suse.com/security/cve/CVE-2026-20911.html

* https://www.suse.com/security/cve/CVE-2026-21413.html

* https://www.suse.com/security/cve/CVE-2026-24450.html

* https://www.suse.com/security/cve/CVE-2026-24660.html

* https://www.suse.com/security/cve/CVE-2026-5342.html

Severity: important

Announcement ID: openSUSE-SU-2026:20574-1
Rating: important
Affected Products: openSUSE Leap 16.0
