Libraw prior to 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
libraw libraw