Description
Security update for libraw
This update for libraw fixes the following issues:
- CVE-2025-43962: Fixed an out-of-bounds read during tag 0x412 processing in the phase_one_correct function (bsc#1241585)
- CVE-2025-43964: Fixed tag 0x412 processing in phase_one_correct not enforcing minimum w0 and w1 values (bsc#1241584)
Package list
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Links
- Link for SUSE-SU-2025:1380-1
- E-Mail link for SUSE-SU-2025:1380-1
- SUSE Security Ratings
- SUSE Bug 1241584
- SUSE Bug 1241585
- SUSE CVE CVE-2015-3885 page
- SUSE CVE CVE-2015-8367 page
- SUSE CVE CVE-2025-43962 page
- SUSE CVE CVE-2025-43964 page
Description
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.
Affected products
Links
- CVE-2015-3885
- SUSE Bug 930683
Description
The phase_one_correct function in LibRaw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
Affected products
Links
- CVE-2015-8367
- SUSE Bug 1006704
- SUSE Bug 1006717
- SUSE Bug 957517
Description
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
Affected products
Links
- CVE-2025-43962
- SUSE Bug 1241585
Description
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
Affected products
Links
- CVE-2025-43964
- SUSE Bug 1241584