{"id":"CVE-2026-24808","details":"Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc.\n\nThis issue affects RawTherapee: through 5.11.","modified":"2026-01-29T06:51:30.689956Z","published":"2026-01-27T09:15:51.023Z","references":[{"type":"FIX","url":"https://github.com/RawTherapee/RawTherapee/pull/7359"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rawtherapee/rawtherapee","events":[{"introduced":"0"},{"last_affected":"db575c6690d30ce6428c0e1383bec8b8f1fb8d21"}]}],"versions":["3.0A1","3.0A2","3.0B1","3.1.1","4.0.0","4.0.1","4.0.10","4.0.11","4.0.12","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.1","4.2","5.0-gtk2","5.0-gtk3","5.0-r1-gtk2","5.0-r1-gtk3","5.1","5.1-rc1","5.10","5.10-rc1","5.11","5.11-rc1","5.2","5.3","5.3-rc1","5.4","5.4-rc1","5.4-rc2","5.4-rc3","5.5","5.5-rc1","5.5-rc2","5.6","5.6-rc1","5.6-rc2","5.7","5.8","5.9","5.9-rc1","Dev-3.0","Dev-3.1","Dev-3.1m1","Dev-3.1m2","Dev-3.1m3","Dev-3.1m4","Dev-3.1m5","Dev-3.1m6","Dev-Darkframe","Dev-Defloat","nightly-github-actions","pre-dev-github-actions"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24808.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Amber"}]}