CVE-2026-20911 | LibRaw 0b56545/d20315b File HuffTable::initval buffer size (TALOS-2026-2330)

VDB-355751 · CVE-2026-20911 · TALOS-2026-2330 LIBRAW 0B56545/D20315B FILE HUFFTABLE::INITVAL BUFFER SIZE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 7.9 $0-$5k 1.55+ Summaryinfo A vulnerability marked as critical has been reported in LibRaw 0b56545/d20315b. Affected by this vulnerability is the function HuffTable::initval of the component File Handler. The manipulation leads to buffer size. This vulnerability is documented as CVE-2026-20911. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue. Detailsinfo A vulnerability was found in LibRaw 0b56545/d20315b. It has been rated as critical. This issue affects the function HuffTable::initval of the component File Handler. The manipulation with an unknown input leads to a buffer size vulnerability. Using CWE to declare the problem leads to CWE-131. The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. Impacted is confidentiality, integrity, and availability. The summary by CVE is: A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. It is possible to read the advisory at talosintelligence.com. The identification of this vulnerability is CVE-2026-20911 since 01/21/2026. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details of the vulnerability are known, but there is no available exploit. Applying a patch is able to eliminate this problem. Productinfo Type Image Processing Software Name LibRaw Version 0b56545 d20315b License open-source CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 8.0 VulDB Meta Temp Score: 7.9 VulDB Base Score: 6.3 VulDB Temp Score: 6.0 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 9.8 CNA Vector (talos): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Buffer size CWE: CWE-131 / CWE-120 / CWE-119 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Patch Status: 🔍 0-Day Time: 🔒 Timelineinfo 01/21/2026 CVE reserved 04/07/2026 +75 days Advisory disclosed 04/07/2026 +0 days VulDB entry created 04/07/2026 +0 days VulDB entry last update Sourcesinfo Advisory: TALOS-2026-2330 Status: Confirmed CVE: CVE-2026-20911 (🔒) GCVE (CVE): GCVE-0-2026-20911 GCVE (VulDB): GCVE-100-355751 Entryinfo Created: 04/07/2026 16:37 Changes: 04/07/2026 16:37 (64) Complete: 🔍 Cache ID: 99:5FC:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸