An update for LibRaw is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1478 Final 1.0 1.0 2025-05-09 Initial 2025-05-09 2025-05-09 openEuler SA Tool V1.0 2025-05-09 LibRaw security update An update for LibRaw is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF, RAF, etc, virtually all RAW formats are supported).It pays special attention to correct retrieval of data required for subsequent RAW conversion.The library is intended for embedding in RAW converters, data analyzers, and other programs using RAW files as the initial data. Security Fix(es): In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.(CVE-2025-43961) In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.(CVE-2025-43962) In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.(CVE-2025-43963) In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.(CVE-2025-43964) An update for LibRaw is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low LibRaw https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1478 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-43961 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-43962 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-43963 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-43964 https://nvd.nist.gov/vuln/detail/CVE-2025-43961 https://nvd.nist.gov/vuln/detail/CVE-2025-43962 https://nvd.nist.gov/vuln/detail/CVE-2025-43963 https://nvd.nist.gov/vuln/detail/CVE-2025-43964 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 LibRaw-0.21.1-4.oe2403.aarch64.rpm LibRaw-debuginfo-0.21.1-4.oe2403.aarch64.rpm LibRaw-debugsource-0.21.1-4.oe2403.aarch64.rpm LibRaw-devel-0.21.1-4.oe2403.aarch64.rpm LibRaw-0.21.1-4.oe2403sp1.aarch64.rpm LibRaw-debuginfo-0.21.1-4.oe2403sp1.aarch64.rpm LibRaw-debugsource-0.21.1-4.oe2403sp1.aarch64.rpm LibRaw-devel-0.21.1-4.oe2403sp1.aarch64.rpm LibRaw-0.20.2-8.oe2003sp4.aarch64.rpm LibRaw-debuginfo-0.20.2-8.oe2003sp4.aarch64.rpm LibRaw-debugsource-0.20.2-8.oe2003sp4.aarch64.rpm LibRaw-devel-0.20.2-8.oe2003sp4.aarch64.rpm LibRaw-0.20.2-9.oe2203sp3.aarch64.rpm LibRaw-debuginfo-0.20.2-9.oe2203sp3.aarch64.rpm LibRaw-debugsource-0.20.2-9.oe2203sp3.aarch64.rpm LibRaw-devel-0.20.2-9.oe2203sp3.aarch64.rpm LibRaw-0.20.2-9.oe2203sp4.aarch64.rpm LibRaw-debuginfo-0.20.2-9.oe2203sp4.aarch64.rpm LibRaw-debugsource-0.20.2-9.oe2203sp4.aarch64.rpm LibRaw-devel-0.20.2-9.oe2203sp4.aarch64.rpm LibRaw-0.21.1-4.oe2403.src.rpm LibRaw-0.21.1-4.oe2403sp1.src.rpm LibRaw-0.20.2-8.oe2003sp4.src.rpm LibRaw-0.20.2-9.oe2203sp3.src.rpm LibRaw-0.20.2-9.oe2203sp4.src.rpm LibRaw-0.21.1-4.oe2403.x86_64.rpm LibRaw-debuginfo-0.21.1-4.oe2403.x86_64.rpm LibRaw-debugsource-0.21.1-4.oe2403.x86_64.rpm LibRaw-devel-0.21.1-4.oe2403.x86_64.rpm LibRaw-0.21.1-4.oe2403sp1.x86_64.rpm LibRaw-debuginfo-0.21.1-4.oe2403sp1.x86_64.rpm LibRaw-debugsource-0.21.1-4.oe2403sp1.x86_64.rpm LibRaw-devel-0.21.1-4.oe2403sp1.x86_64.rpm LibRaw-0.20.2-8.oe2003sp4.x86_64.rpm LibRaw-debuginfo-0.20.2-8.oe2003sp4.x86_64.rpm LibRaw-debugsource-0.20.2-8.oe2003sp4.x86_64.rpm LibRaw-devel-0.20.2-8.oe2003sp4.x86_64.rpm LibRaw-0.20.2-9.oe2203sp3.x86_64.rpm LibRaw-debuginfo-0.20.2-9.oe2203sp3.x86_64.rpm LibRaw-debugsource-0.20.2-9.oe2203sp3.x86_64.rpm LibRaw-devel-0.20.2-9.oe2203sp3.x86_64.rpm LibRaw-0.20.2-9.oe2203sp4.x86_64.rpm LibRaw-debuginfo-0.20.2-9.oe2203sp4.x86_64.rpm LibRaw-debugsource-0.20.2-9.oe2203sp4.x86_64.rpm LibRaw-devel-0.20.2-9.oe2203sp4.x86_64.rpm In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. 2025-05-09 CVE-2025-43961 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 Low 2.9 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L LibRaw security update 2025-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1478 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. 2025-05-09 CVE-2025-43962 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 Low 2.9 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L LibRaw security update 2025-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1478 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. 2025-05-09 CVE-2025-43963 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 Low 2.9 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L LibRaw security update 2025-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1478 In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. 2025-05-09 CVE-2025-43964 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 Low 2.9 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L LibRaw security update 2025-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1478