23 matches found
Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-015451)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015451 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values. Tenable has extracted the...
Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-015465)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015465 advisory. In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag...
Astra Linux – Vulnerability in libraw
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser...
Astra Linux – Vulnerability in libraw
In LibRaw before 0.21.4, the processing of tag 0x412 in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...
Astra Linux – Vulnerability in libraw
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads when processing tag 0x412, which is related to large values of w0 or w1, or the frac and mult calculations...
TencentOS Server 4: LibRaw (TSSA-2025:0399)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0399 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2025-43961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 Note that Nessus relies on the presence o...
Linux Distros Unpatched Vulnerability : CVE-2025-43964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values. CVE-2025-43964 Note that...
Amazon Linux 2 : LibRaw (ALAS-2025-2954)
The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2954 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1...
[SECURITY] Fedora 40 Update: mingw-LibRaw-0.21.4-1.fc40
MinGW Windows LibRaw library...
SUSE CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...
Libraw Security Vulnerability
Libraw is a C++ library from Libraw for processing RAW CRW/CR2, NEF, RAF, DNG, and others format images, supporting various operating systems. A security vulnerability exists in Libraw versions prior to 0.21.4, which stems from the phaseonecorrect function in decoders/loadmfbacks.cpp not enforcing the...
Libraw Buffer Error Vulnerability
Libraw is a C++ library from Libraw for processing RAW CRW/CR2, NEF, RAF, DNG, and others format images, supporting various operating systems. A buffer error vulnerability exists in Libraw versions prior to 0.21.4, which stems from an out-of-bounds read by the Fujifilm 0xf00c tag parser in...
CVE-2025-43963
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...
CVE-2024-46957
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...
CVE-2024-46957
Summary: Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4 are vulnerable to response spoofing because the stanza type is not checked when IDs are predictable. This can enable an attacker to spoof responses and may lead to compromise. The issue is fixed in version 0.22.0. Affected software: M...
PT-2024-32298 · Mellium · Mellium.Im/Xmpp
Name of the Vulnerable Software and Affected Versions: Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4. Description: The issue allows response spoofing because the stanza type is not checked. This can lead to potential system compromise. The estimated number of potentially affected devices...
PT-2023-24206 · Pomerium · Pomerium
Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to 0.17.4; Pomerium versions prior to 0.18.1; Pomerium versions prior to 0.19.2; Pomerium versions prior to 0.20.1; Pomerium versions prior to 0.21.4; Pomerium versions prior to 0.22.2. Description: Pomerium is an identity a...
Nextcloud Security Vulnerability
Nextcloud Circles, an open source social network built by Nextcloud Germany for the Nextcloud ecosystem, is vulnerable to an authorization issue in versions prior to 0.19.15, 0.20.11, and 0.21.4, which stems from a vulnerability in Nextcloud Circles. The application allows any user to join any...
slpjs Input Validation Error Vulnerability
slpjs is a JavaScript library for validating and building the Simple Ledger Protocol (SLP). An input validation error vulnerability exists in versions of slpjs prior to 0.21.4. The vulnerability stems from a network system or product that does not properly validate input data...