This update for libraw fixes the following issues:
- CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read (bsc#1261499).
- CVE-2026-20884: integer overflow vulnerability in the deflate_dng_load_raw (bsc#1261671).
- CVE-2026-20889: heap-based buffer overflow vulnerability in the x3f_thumb_loader (bsc#1261672).
- CVE-2026-20911: heap-based buffer overflow vulnerability in the HuffTable: initval (bsc#1261673).
- CVE-2026-21413: heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw (bsc#1261674).
- CVE-2026-24450: integer overflow vulnerability in uncompressed_fp_dng_load_raw (bsc#1261675).
- CVE-2026-24660: heap-based buffer overflow vulnerability in the x3f_load_huffman (bsc#1261676).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch...
Read the Full Advisory- openSUSE Leap 16.0:
libraw-devel-0.21.4-160000.3.1
libraw-devel-static-0.21.4-160000.3.1
libraw-tools-0.21.4-160000.3.1
libraw23-0.21.4-160000.3.1
* bsc#1261499
* bsc#1261671
* bsc#1261672
* bsc#1261673
* bsc#1261674
* bsc#1261675
* bsc#1261676
References:
* https://www.suse.com/security/cve/CVE-2026-20884.html
* https://www.suse.com/security/cve/CVE-2026-20889.html
* https://www.suse.com/security/cve/CVE-2026-20911.html
* https://www.suse.com/security/cve/CVE-2026-21413.html
* https://www.suse.com/security/cve/CVE-2026-24450.html
* https://www.suse.com/security/cve/CVE-2026-24660.html
* https://www.suse.com/security/cve/CVE-2026-5342.html
Get the latest Linux and open source security news straight to your inbox.