Nixpkgs security tracker

Untriaged

Permalink CVE-2026-24450

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 week ago

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of …

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

References

Affected products

LibRaw

==Commit 8dc68e2

Matching in nixpkgs

pkgs.libraw

Library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others)

nixos-unstable 0.21.5b
- nixpkgs-unstable 0.21.5b
- nixos-unstable-small 0.21.5b
nixos-25.11 0.21.4
- nixos-25.11-small 0.21.4
- nixpkgs-25.11-darwin 0.21.4

pkgs.libraw1394

Library providing direct access to the IEEE 1394 bus through the Linux 1394 subsystem's raw1394 user space interface

nixos-unstable 2.1.2
- nixpkgs-unstable 2.1.2
- nixos-unstable-small 2.1.2
nixos-25.11 2.1.2
- nixos-25.11-small 2.1.2
- nixpkgs-25.11-darwin 2.1.2

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libraw

pkgs.libraw1394