LibRaw (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package LibRaw, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2026-21413 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b…
CVE-2026-20889 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted…
CVE-2021-1788 — CVSS 8.8 (high): A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001…
CVE-2021-30797 — CVSS 8.8 (high): This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7…
CVE-2021-30795 — CVSS 8.8 (high): A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5…
CVE-2021-1844 — CVSS 8.8 (high): A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v…
CVE-2021-30758 — CVSS 8.8 (high): A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5…
CVE-2021-21779 — CVSS 8.8 (high): A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted…
CVE-2021-21806 — CVSS 8.8 (high): An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a…
CVE-2021-30749 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6…
CVE-2021-30734 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6…
CVE-2020-24870 — CVSS 8.8 (high): Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
CVE-2020-13558 — CVSS 8.8 (high): A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web…
CVE-2021-30799 — CVSS 8.8 (high): Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5…
CVE-2026-24660 — CVSS 8.1 (high): A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted…
CVE-2021-21775 — CVSS 8.0 (high): A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A…
CVE-2020-27918 — CVSS 7.8 (high): A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2…
CVE-2021-32142 — CVSS 7.8 (high): Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(cha…
CVE-2021-1801 — CVSS 6.5 (medium): This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001…
CVE-2021-1799 — CVSS 6.5 (medium): A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001…
CVE-2021-1765 — CVSS 6.5 (medium): This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001…
CVE-2021-30689 — CVSS 6.1 (medium): A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1…
CVE-2021-30744 — CVSS 6.1 (medium): Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in…
CVE-2021-30682 — CVSS 5.5 (medium): A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS…
CVE-2020-36241 — CVSS 5.5 (medium): autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal…
CVE-2021-28650 — CVSS 5.5 (medium): autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal…
CVE-2021-30720 — CVSS 5.4 (medium): A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS…
CVE-2020-29623 — CVSS 3.3 (low): "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in…