Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE Linux 15 SP8 Libraw Important Memory Overflow Risk SUSE-SU-2026-1570-1

suse
Calendar Grey April 23, 2026
Dist Suse Esm H88
Addressing seven vulnerabilities in libraw with critical importance for SUSE users and detailed patch instructions provided.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for libraw fixes the following issues: * CVE-2026-5342: out-of-bounds read via `LibRaw::nikon_load_padded_packed_raw` (bsc#1261499). * CVE-2026-20884: integer overflow and heap buffer overflow via `deflate_dng_load_raw` (bsc#1261671). * CVE-2026-20889: heap-based buffer overflow in `x3f_thumb_loader`(bsc#1261672). * CVE-2026-20911: heap-based buffer overflow in `HuffTable::initval`(bsc#1261673). * CVE-2026-21413: heap-based buffer overflow in `lossless_jpeg_load_raw` (bsc#1261674). * CVE-2026-24450: integer overflow and heap buffer overflow via `uncompressed_fp_dng_load_raw` (bsc#1261675). * CVE-2026-24660: heap-based buffer overflow in `x3f_load_huffman` (bsc#1261676). ## Patch Instructions:

References

* bsc#1261499

* bsc#1261671

* bsc#1261672

* bsc#1261673

* bsc#1261674

* bsc#1261675

* bsc#1261676

Cross-

* CVE-2026-20884

* CVE-2026-20889

* CVE-2026-20911

* CVE-2026-21413

* CVE-2026-24450

* CVE-2026-24660

* CVE-2026-5342

CVSS scores:

* CVE-2026-20884 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20889 ( SUSE ): 7.7

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1555-1
Release Date: 2026-04-22T16:23:21Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here