A memory corruption vulnerability (CVE-2026-24660, CVSS 8.1 HIGH) in the LibRaw library allows for arbitrary code execution via processing a maliciously crafted RAW image file. The NVD data indicates libraw version 0.22.0 is affected, though the Red Hat advisory provides patched packages (e.g., LibRaw-0.19.5-2.el8_4.2) specifically for Red Hat Enterprise Linux 8.4 Extended Update Support variants.
Red Hat Product Errata RHSA-2026:15926 - Security Advisory Issued: 2026-05-11 Updated: 2026-05-11 RHSA-2026:15926 - Security Advisory Overview Updated Packages Synopsis Important: LibRaw security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for LibRaw is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): LibRaw: LibRaw: Memory Corruption via Malicious File Processing (CVE-2026-24660) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2455926 - CVE-2026-24660 LibRaw: LibRaw: Memory Corruption via Malicious File Processing CVEs CVE-2026-24660 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM LibRaw-0.19.5-2.el8_4.2.src.rpm SHA-256: 86475cbeaa665ae93829b9d45a5e61158c5113ea4a70a8364c6c96577f5f89ae x86_64 LibRaw-0.19.5-2.el8_4.2.i686.rpm SHA-256: 505587b7015e650db7ea04d4013db698a117415f953ba413aeb617dca1474758 LibRaw-0.19.5-2.el8_4.2.x86_64.rpm SHA-256: 1c04494b2de5f420bbf129d0f9c36de96d283e4e165761775b0365639dff2480 LibRaw-debuginfo-0.19.5-2.el8_4.2.i686.rpm SHA-256: 10fd6579516df60cae2af5b34d12021354c20533bbb5d3d7eaa5d6d9ca7014da LibRaw-debuginfo-0.19.5-2.el8_4.2.x86_64.rpm SHA-256: da5486805a60d293ec7ab2d082f4aa43be6eccd1b791209cbd5c130fbfe6f39f LibRaw-debugsource-0.19.5-2.el8_4.2.i686.rpm SHA-256: 1f099421bde8e6097f7bfcc62bb7bc3a2d06aafb4eaaabbb268a87d51eafad4e LibRaw-debugsource-0.19.5-2.el8_4.2.x86_64.rpm SHA-256: 87be5ea72586304a5281997c607e1845957b41a3b15cb5715f4a3f59ba136210 LibRaw-samples-debuginfo-0.19.5-2.el8_4.2.i686.rpm SHA-256: 5e3d70c063a35f3d18fe91421f4b8e523fa08a0361eb64dbeb04a3342096af55 LibRaw-samples-debuginfo-0.19.5-2.el8_4.2.x86_64.rpm SHA-256: b4ebb2250e78042c0c991e01c026744db839ddd22e7506996ed98df213d7ccc6 Red Hat Enterprise Linux Server - AUS 8.4 SRPM LibRaw-0.19.5-2.el8_4.2.src.rpm SHA-256: 86475cbeaa665ae93829b9d45a5e61158c5113ea4a70a8364c6c96577f5f89ae x86_64 LibRaw-0.19.5-2.el8_4.2.i686.rpm SHA-256: 505587b7015e650db7ea04d4013db698a117415f953ba413aeb617dca1474758 LibRaw-0.19.5-2.el8_4.2.x86_64.rpm SHA-256: 1c04494b2de5f420bbf129d0f9c36de96d283e4e165761775b0365639dff2480 LibRaw-debuginfo-0.19.5-2.el8_4.2.i686.rpm SHA-256: 10fd6579516df60cae2af5b34d12021354c20533bbb5d3d7eaa5d6d9ca7014da LibRaw-debuginfo-0.19.5-2.el8_4.2.x86_64.rpm SHA-256: da5486805a60d293ec7ab2d082f4aa43be6eccd1b791209cbd5c130fbfe6f39f LibRaw-debugsource-0.19.5-2.el8_4.2.i686.rpm SHA-256: 1f099421bde8e6097f7bfcc62bb7bc3a2d06aafb4eaaabbb268a87d51eafad4e LibRaw-debugsource-0.19.5-2.el8_4.2.x86_64.rpm SHA-256: 87be5ea72586304a5281997c607e1845957b41a3b15cb5715f4a3f59ba136210 LibRaw-samples-debuginfo-0.19.5-2.el8_4.2.i686.rpm SHA-256: 5e3d70c063a35f3d18fe91421f4b8e523fa08a0361eb64dbeb04a3342096af55 LibRaw-samples-debuginfo-0.19.5-2.el8_4.2.x86_64.rpm SHA-256: b4ebb2250e78042c0c991e01c026744db839ddd22e7506996ed98df213d7ccc6 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .