## This update for libraw fixes the following issues: * CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read (bsc#1261499). * CVE-2026-20884: integer overflow vulnerability in the deflate_dng_load_raw (bsc#1261671). * CVE-2026-20889: heap-based buffer overflow vulnerability in the x3f_thumb_loader (bsc#1261672). * CVE-2026-20911: heap-based buffer overflow vulnerability in the HuffTable: initval (bsc#1261673). * CVE-2026-21413: heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw (bsc#1261674). * CVE-2026-24450: integer overflow vulnerability in uncompressed_fp_dng_load_raw (bsc#1261675). * CVE-2026-24660: heap-based buffer overflow vulnerability in the x3f_load_huffman (bsc#1261676). ## Patch Instructions:
* bsc#1261499
* bsc#1261671
* bsc#1261672
* bsc#1261673
* bsc#1261674
* bsc#1261675
* bsc#1261676
Cross-
* CVE-2026-20884
* CVE-2026-20889
* CVE-2026-20911
* CVE-2026-21413
* CVE-2026-24450
* CVE-2026-24660
* CVE-2026-5342
CVSS scores:
* CVE-2026-20884 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20889 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Get the latest Linux and open source security news straight to your inbox.