Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE 2026 1556-1 Libraw Important Buffer Overflow Issues

suse
Calendar Grey April 23, 2026
Dist Suse Esm H88
Install the latest SUSE security update for libraw, fixing six important issues that may pose threats to your system.
An update that solves six vulnerabilities can now be installed.

Summary

## This update for libraw fixes the following issues: * CVE-2026-5342: out-of-bounds read via `LibRaw::nikon_load_padded_packed_raw` (bsc#1261499). * CVE-2026-20884: integer overflow and heap buffer overflow via `deflate_dng_load_raw` (bsc#1261671). * CVE-2026-20889: heap-based buffer overflow in `x3f_thumb_loader`(bsc#1261672). * CVE-2026-20911: heap-based buffer overflow in `HuffTable::initval`(bsc#1261673). * CVE-2026-21413: heap-based buffer overflow in `lossless_jpeg_load_raw` (bsc#1261674). * CVE-2026-24660: heap-based buffer overflow in `x3f_load_huffman` (bsc#1261676). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

* bsc#1261499

* bsc#1261671

* bsc#1261672

* bsc#1261673

* bsc#1261674

* bsc#1261676

Cross-

* CVE-2026-20884

* CVE-2026-20889

* CVE-2026-20911

* CVE-2026-21413

* CVE-2026-24660

* CVE-2026-5342

CVSS scores:

* CVE-2026-20884 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20889 ( SUSE ): 7.7

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20889 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1556-1
Release Date: 2026-04-22T16:24:03Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here