{"schema_version":"1.7.2","id":"OESA-2025-1478","modified":"2025-05-09T12:42:32Z","published":"2025-05-09T12:42:32Z","upstream":["CVE-2025-43961","CVE-2025-43962","CVE-2025-43963","CVE-2025-43964"],"summary":"LibRaw security update","details":"LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF, RAF, etc, virtually all RAW formats are supported).It pays special attention to correct retrieval of data required for subsequent RAW conversion.The library is intended for embedding in RAW converters, data analyzers, and other programs using RAW files as the initial data.\r\n\r\nSecurity Fix(es):\n\nIn LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.(CVE-2025-43961)\n\nIn LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.(CVE-2025-43962)\n\nIn LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.(CVE-2025-43963)\n\nIn LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.(CVE-2025-43964)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"LibRaw","purl":"pkg:rpm/openEuler/LibRaw\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.21.1-4.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["LibRaw-0.21.1-4.oe2403.aarch64.rpm","LibRaw-debuginfo-0.21.1-4.oe2403.aarch64.rpm","LibRaw-debugsource-0.21.1-4.oe2403.aarch64.rpm","LibRaw-devel-0.21.1-4.oe2403.aarch64.rpm","LibRaw-0.21.1-4.oe2403sp1.aarch64.rpm","LibRaw-debuginfo-0.21.1-4.oe2403sp1.aarch64.rpm","LibRaw-debugsource-0.21.1-4.oe2403sp1.aarch64.rpm","LibRaw-devel-0.21.1-4.oe2403sp1.aarch64.rpm"],"src":["LibRaw-0.21.1-4.oe2403.src.rpm","LibRaw-0.21.1-4.oe2403sp1.src.rpm"],"x86_64":["LibRaw-0.21.1-4.oe2403.x86_64.rpm","LibRaw-debuginfo-0.21.1-4.oe2403.x86_64.rpm","LibRaw-debugsource-0.21.1-4.oe2403.x86_64.rpm","LibRaw-devel-0.21.1-4.oe2403.x86_64.rpm","LibRaw-0.21.1-4.oe2403sp1.x86_64.rpm","LibRaw-debuginfo-0.21.1-4.oe2403sp1.x86_64.rpm","LibRaw-debugsource-0.21.1-4.oe2403sp1.x86_64.rpm","LibRaw-devel-0.21.1-4.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"LibRaw","purl":"pkg:rpm/openEuler/LibRaw\u0026distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.21.1-4.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["LibRaw-0.21.1-4.oe2403sp1.aarch64.rpm","LibRaw-debuginfo-0.21.1-4.oe2403sp1.aarch64.rpm","LibRaw-debugsource-0.21.1-4.oe2403sp1.aarch64.rpm","LibRaw-devel-0.21.1-4.oe2403sp1.aarch64.rpm"],"src":["LibRaw-0.21.1-4.oe2403sp1.src.rpm"],"x86_64":["LibRaw-0.21.1-4.oe2403sp1.x86_64.rpm","LibRaw-debuginfo-0.21.1-4.oe2403sp1.x86_64.rpm","LibRaw-debugsource-0.21.1-4.oe2403sp1.x86_64.rpm","LibRaw-devel-0.21.1-4.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"LibRaw","purl":"pkg:rpm/openEuler/LibRaw\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20.2-8.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["LibRaw-0.20.2-8.oe2003sp4.aarch64.rpm","LibRaw-debuginfo-0.20.2-8.oe2003sp4.aarch64.rpm","LibRaw-debugsource-0.20.2-8.oe2003sp4.aarch64.rpm","LibRaw-devel-0.20.2-8.oe2003sp4.aarch64.rpm"],"src":["LibRaw-0.20.2-8.oe2003sp4.src.rpm"],"x86_64":["LibRaw-0.20.2-8.oe2003sp4.x86_64.rpm","LibRaw-debuginfo-0.20.2-8.oe2003sp4.x86_64.rpm","LibRaw-debugsource-0.20.2-8.oe2003sp4.x86_64.rpm","LibRaw-devel-0.20.2-8.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"LibRaw","purl":"pkg:rpm/openEuler/LibRaw\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20.2-9.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["LibRaw-0.20.2-9.oe2203sp3.aarch64.rpm","LibRaw-debuginfo-0.20.2-9.oe2203sp3.aarch64.rpm","LibRaw-debugsource-0.20.2-9.oe2203sp3.aarch64.rpm","LibRaw-devel-0.20.2-9.oe2203sp3.aarch64.rpm"],"src":["LibRaw-0.20.2-9.oe2203sp3.src.rpm"],"x86_64":["LibRaw-0.20.2-9.oe2203sp3.x86_64.rpm","LibRaw-debuginfo-0.20.2-9.oe2203sp3.x86_64.rpm","LibRaw-debugsource-0.20.2-9.oe2203sp3.x86_64.rpm","LibRaw-devel-0.20.2-9.oe2203sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"LibRaw","purl":"pkg:rpm/openEuler/LibRaw\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20.2-9.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["LibRaw-0.20.2-9.oe2203sp4.aarch64.rpm","LibRaw-debuginfo-0.20.2-9.oe2203sp4.aarch64.rpm","LibRaw-debugsource-0.20.2-9.oe2203sp4.aarch64.rpm","LibRaw-devel-0.20.2-9.oe2203sp4.aarch64.rpm"],"src":["LibRaw-0.20.2-9.oe2203sp4.src.rpm"],"x86_64":["LibRaw-0.20.2-9.oe2203sp4.x86_64.rpm","LibRaw-debuginfo-0.20.2-9.oe2203sp4.x86_64.rpm","LibRaw-debugsource-0.20.2-9.oe2203sp4.x86_64.rpm","LibRaw-devel-0.20.2-9.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1478"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43961"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43962"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43963"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43964"}],"database_specific":{"severity":"Low"}}