PT-2026-4883 · Dcraw+1 · Dcraw+1
Titan Team
·
Published
2026-01-01
·
Updated
2026-01-27
·
CVE-2026-24808
CVSS v4.0
8.3
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Amber |
Name of the Vulnerable Software and Affected Versions
RawTherapee versions through 5.11
Description
An integer overflow or wraparound condition exists in RawTherapee, specifically within the rtengine modules and associated with the dcraw.Cc program file. This issue could potentially lead to unexpected program behavior or crashes. There is no information about the number of affected devices or any real-world exploitation of this issue.
Recommendations
Update RawTherapee to a version newer than 5.11.
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rawtherapee
Dcraw