CVE-2026-20911
LibRaw · LibRaw
A heap-based buffer overflow exists in LibRaw's `HuffTable::initval` functionality, which can be triggered by a malicious file.
Executive summary
A heap buffer overflow in LibRaw's Huffman table initialization allows for potential remote code execution via a specially crafted image file.
Vulnerability
The vulnerability resides in the `HuffTable::initval` functionality. An attacker can supply a specially crafted file that triggers a heap overflow during Huffman table initialization, which may allow arbitrary code execution.
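The defect class named above, as an added illustration that is not LibRaw's code (the page does not describe the actual defect in `HuffTable::initval`): a hypothetical DHT-style Huffman table initializer that validates untrusted code-length counts before filling its table, with constructed sample inputs.

```c
#include <stdint.h>
#include <string.h>

#define MAX_CODES 256  /* a JPEG-style Huffman table holds at most 256 symbols */

/* Hypothetical DHT-style table: 16 code-length counts, then that many
 * symbol bytes. Constructed for illustration; not LibRaw's HuffTable. */
typedef struct {
    uint8_t  bits[17];           /* bits[i] = number of codes of length i */
    uint8_t  huffval[MAX_CODES]; /* symbols in code order */
    uint16_t ncodes;
} huff_table_t;

/* Initialise a table from untrusted bytes. Returns 0, or -1 on malformed
 * input. Counts are attacker-controlled and can sum to 16*255 = 4080;
 * the three checks keep the copy inside huffval and the code well formed. */
int huff_init_checked(huff_table_t *t, const uint8_t *data, size_t len)
{
    unsigned total = 0;
    unsigned long kraft = 0;
    if (len < 16) return -1;
    memset(t, 0, sizeof(*t));
    for (int i = 1; i <= 16; i++) {
        t->bits[i] = data[i - 1];
        total += t->bits[i];
        kraft += (unsigned long)t->bits[i] << (16 - i);
    }
    if (total > MAX_CODES) return -1;      /* symbol array would overflow */
    if (len - 16 < total) return -1;       /* symbol list truncated */
    if (kraft > (1UL << 16)) return -1;    /* lengths cannot form a prefix code */
    memcpy(t->huffval, data + 16, total);
    t->ncodes = (uint16_t)total;
    return 0;
}

/* Constructed sample input: the standard JPEG DC luminance table (12 symbols). */
static const uint8_t GOOD[] = {0,1,5,1,1,1,1,1,1,0,0,0,0,0,0,0, 0,1,2,3,4,5,6,7,8,9,10,11};
int demo_valid(void)     { huff_table_t t;   /* returns the 12 symbols read */
    return huff_init_checked(&t, GOOD, sizeof GOOD) == 0 ? t.ncodes : -1; }
int demo_truncated(void) { huff_table_t t;   /* promises 12 symbols, only 4 present */
    return huff_init_checked(&t, GOOD, 20); }
int demo_oversized(void) { huff_table_t t; uint8_t bad[16]; /* every count 255 */
    memset(bad, 255, sizeof bad); return huff_init_checked(&t, bad, sizeof bad); }
```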
Business impact
This is a critical vulnerability (CVSS 9.8). The impact is severe, as it allows attackers to potentially execute arbitrary code on the host running the software, leading to full system compromise if the process has sufficient privileges.
Remediation
Immediate Action: Update LibRaw to the latest version to patch the `HuffTable::initval` vulnerability.
Proactive Monitoring: Monitor systems for unexpected service restarts or abnormal behavior in applications known to use LibRaw for image decoding.
Compensating Controls: Ensure that image-processing processes are restricted using OS-level security features like SELinux, AppArmor, or containerization to reduce the impact of a potential compromise.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Immediate remediation is required. As this is another critical memory-corruption flaw in LibRaw, a comprehensive update of all software dependencies that use this library is strongly recommended.