CVE-2025-43963

Опубликовано: 21 апр. 2025

Источник: debian

EPSS Низкий

Описание

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libraw	fixed	0.21.4-1		package
libraw	no-dsa		bookworm	package

Примечания

Fixed by: https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964 (0.21.4)

EPSS

Процентиль: 12%

0.0004

Низкий

Связанные уязвимости

CVE-2025-43963

CVSS3: 2.9

ubuntu

2 месяца назад

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

CVE-2025-43963

CVSS3: 2.9

redhat

2 месяца назад

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

CVE-2025-43963

CVSS3: 2.9

nvd

2 месяца назад

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

GHSA-3w5w-m35v-rfp7

CVSS3: 2.9

github

2 месяца назад

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

SUSE-SU-2025:1572-1

suse-cvrf

около 1 месяца назад

Security update for libraw

EPSS

Процентиль: 12%

0.0004

Низкий