CVE-2025-43962

CVE-2025-43962

Name

CVE-2025-43962

Description

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://www.libraw.org/news/libraw-0-21-4-release
	https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4
	https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/04/msg00038.html

Type

URI

https://www.libraw.org/news/libraw-0-21-4-release

https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4

https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/04/msg00038.html

CPE URI	Source package	Min version	Max version
	libraw	>= 0	< 0.21.4

CPE URI

Source package

Min version

Max version

libraw

>= 0

< 0.21.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libraw	edge-community	0.21.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libraw	3.22-community	0.21.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libraw

edge-community

0.21.3-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

libraw

3.22-community

0.21.3-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages