CVE-2026-21413

Tags: Critical · Public PoC · Updated · Patch

Published: 07 April 2026
Modified: 30 June 2026
KEV Added: not listed
CVSS Score: v3.1 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0054 (41.5th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-21413 is a critical-severity Improper Validation of Array Index (CWE-129) vulnerability in LibRaw (vendor Libraw, product Libraw). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 41.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

A heap-based buffer overflow vulnerability, designated CVE-2026-21413, affects the lossless_jpeg_load_raw functionality in LibRaw at Commit 0b56545 and Commit d20315b. This flaw arises from improper validation of array indices (CWE-129), allowing a specially crafted malicious file to trigger a heap buffer overflow when processed by the library. LibRaw is a widely used open-source library for reading RAW image files, commonly integrated into image processing applications, photo editors, and camera software.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely with low complexity, no privileges or user interaction required. An attacker can supply a malicious file to any application or system that uses the affected LibRaw commits for RAW image decoding, potentially leading to arbitrary code execution, data corruption, or denial of service through heap memory corruption.

Mitigation details are provided in the Talos Intelligence advisory TALOS-2026-2331, accessible at https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331 and https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2331. Security practitioners should consult these reports for patching guidance, updated commits, or workarounds specific to LibRaw integrations.

Vulnerability details

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

A heap buffer overflow in a client-side image library (LibRaw) directly enables exploitation of client applications through a malicious file, with remote code execution as the potential outcome.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20911 (same product: Libraw Libraw)
CVE-2026-20884 (same product: Libraw Libraw)
CVE-2026-20889 (same product: Libraw Libraw)
CVE-2026-24450 (same product: Libraw Libraw)
CVE-2026-24660 (same product: Libraw Libraw)
CVE-2026-3083 (shared CWE-129)
CVE-2026-22859 (shared CWE-129)
CVE-2026-25585 (shared CWE-129)
CVE-2023-52987 (shared CWE-129)
CVE-2026-33281 (shared CWE-129)

Affected Assets

Vendor: libraw
Product: libraw
Versions: 0.22.0, 0.22.1

Mitigating Controls (NIST 800-53 r5, AI)

SI-2 Flaw Remediation (prevent): Directly requires timely remediation of identified software flaws, such as patching the heap buffer overflow in LibRaw's lossless_jpeg_load_raw function at the vulnerable commits.

SI-10 Information Input Validation (prevent): Requires validation of information inputs, such as specially crafted RAW image files, to address the improper array index validation that leads to the buffer overflow.

Memory protection (prevent): Implements memory protection mechanisms that mitigate exploitation of heap buffer overflows by complicating arbitrary code execution from memory corruption.
