Red Hat Product Errata RHSA-2026:14224 - Security Advisory Issued: 2026-05-06 Updated: 2026-05-06 RHSA-2026:14224 - Security Advisory Overview Updated Packages Synopsis Important: LibRaw security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for LibRaw is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading (CVE-2026-21413) LibRaw: LibRaw: Arbitrary code execution via specially crafted image file (CVE-2026-20889) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2455929 - CVE-2026-21413 LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading BZ - 2455942 - CVE-2026-20889 LibRaw: LibRaw: Arbitrary code execution via specially crafted image file CVEs CVE-2026-20889 CVE-2026-21413 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM LibRaw-0.19.5-2.el8_4.1.src.rpm SHA-256: 0940d5ddfbf959d4d57255955bbe4f5d0786e6e4b592ce66a4354b447d47d8aa x86_64 LibRaw-0.19.5-2.el8_4.1.i686.rpm SHA-256: e1fb78117d5f02ddb1b18c42170cbb63b1262c63201cf8887748947e4cafb2ab LibRaw-0.19.5-2.el8_4.1.x86_64.rpm SHA-256: 0ebdd705a4ef2b547ba1f88476516843b553b584c09d96191bb7b314cfe53861 LibRaw-debuginfo-0.19.5-2.el8_4.1.i686.rpm SHA-256: e6e1504b9914a1862578b49bd8b31becc2ae841329a0fd25d650b16e853d4c27 LibRaw-debuginfo-0.19.5-2.el8_4.1.x86_64.rpm SHA-256: 8c6393682974cfecd0fe4f3c9c1fe744285fc833852f74d5e1d8c709518c99af LibRaw-debugsource-0.19.5-2.el8_4.1.i686.rpm SHA-256: 698fc4301809c23d36991ca9767870f955a85eaa19c24266b48f4a3a4f707836 LibRaw-debugsource-0.19.5-2.el8_4.1.x86_64.rpm SHA-256: 5d5e599b42eddaf6119d1abbd6d068b2f4f6116ce3c072702fd841b63b81196e LibRaw-samples-debuginfo-0.19.5-2.el8_4.1.i686.rpm SHA-256: 3a51d08111845df99289b346284436f2e691ffeccc0f27fb110b1cdad39d8cd6 LibRaw-samples-debuginfo-0.19.5-2.el8_4.1.x86_64.rpm SHA-256: bd66fe176446dece6add3bbc609b7162c8fe2ac4e4ef7fd85d0223f43e4be84f Red Hat Enterprise Linux Server - AUS 8.4 SRPM LibRaw-0.19.5-2.el8_4.1.src.rpm SHA-256: 0940d5ddfbf959d4d57255955bbe4f5d0786e6e4b592ce66a4354b447d47d8aa x86_64 LibRaw-0.19.5-2.el8_4.1.i686.rpm SHA-256: e1fb78117d5f02ddb1b18c42170cbb63b1262c63201cf8887748947e4cafb2ab LibRaw-0.19.5-2.el8_4.1.x86_64.rpm SHA-256: 0ebdd705a4ef2b547ba1f88476516843b553b584c09d96191bb7b314cfe53861 LibRaw-debuginfo-0.19.5-2.el8_4.1.i686.rpm SHA-256: e6e1504b9914a1862578b49bd8b31becc2ae841329a0fd25d650b16e853d4c27 LibRaw-debuginfo-0.19.5-2.el8_4.1.x86_64.rpm SHA-256: 8c6393682974cfecd0fe4f3c9c1fe744285fc833852f74d5e1d8c709518c99af LibRaw-debugsource-0.19.5-2.el8_4.1.i686.rpm SHA-256: 698fc4301809c23d36991ca9767870f955a85eaa19c24266b48f4a3a4f707836 LibRaw-debugsource-0.19.5-2.el8_4.1.x86_64.rpm SHA-256: 5d5e599b42eddaf6119d1abbd6d068b2f4f6116ce3c072702fd841b63b81196e LibRaw-samples-debuginfo-0.19.5-2.el8_4.1.i686.rpm SHA-256: 3a51d08111845df99289b346284436f2e691ffeccc0f27fb110b1cdad39d8cd6 LibRaw-samples-debuginfo-0.19.5-2.el8_4.1.x86_64.rpm SHA-256: bd66fe176446dece6add3bbc609b7162c8fe2ac4e4ef7fd85d0223f43e4be84f The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .