LibRaw prior to 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
libraw libraw