CVE-2026-20889

DOCUMENTATION: A flaw was found in LibRaw, a library used for processing raw image files. This vulnerability, a heap-based buffer overflow, exists within the x3fthumbloader functionality. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious file. Successful exploitation could lead to arbitrary code execution, giving the attacker full control over the affected system. 

            STATEMENT: LibRaw is not installed by default on Red Hat systems. A user would need to manually install and make available an affected code path for this vulnerability to be exploitable.

            MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.