Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

SUSE 16.3 Libraw Key Security Update Alert SUSE-SU-2026-60341-1

suse
Calendar Grey April 28, 2026
Dist Suse Esm H88
The latest SUSE advisory details fixes for important vulnerabilities in libraw affecting SUSE Linux Enterprise Server.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for libraw fixes the following issues: * CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read (bsc#1261499). * CVE-2026-20884: integer overflow vulnerability in the deflate_dng_load_raw (bsc#1261671). * CVE-2026-20889: heap-based buffer overflow vulnerability in the x3f_thumb_loader (bsc#1261672). * CVE-2026-20911: heap-based buffer overflow vulnerability in the HuffTable: initval (bsc#1261673). * CVE-2026-21413: heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw (bsc#1261674). * CVE-2026-24450: integer overflow vulnerability in uncompressed_fp_dng_load_raw (bsc#1261675). * CVE-2026-24660: heap-based buffer overflow vulnerability in the x3f_load_huffman (bsc#1261676). ## Patch Instructions:

References

* bsc#1261499

* bsc#1261671

* bsc#1261672

* bsc#1261673

* bsc#1261674

* bsc#1261675

* bsc#1261676

Cross-

* CVE-2026-20884

* CVE-2026-20889

* CVE-2026-20911

* CVE-2026-21413

* CVE-2026-24450

* CVE-2026-24660

* CVE-2026-5342

CVSS scores:

* CVE-2026-20884 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-20889 ( SUSE ): 7.7

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21360-1
Release Date: 2026-04-20T15:30:10Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here