168 matches found
CVE-2025-43962
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...
CVE-2025-43964
Summary: CVE-2025-43964 affects LibRaw up to version 0.21.3, where tag 0x412 processing in phase_one_correct (decoders/load_mfbacks.cpp) does not enforce minimum w0 and w1 values, enabling out-of-bounds memory access. The connected advisory confirms the issue and notes a fix in LibRaw 0.21.4. Aff...
CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...
CVE-2025-43961
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser...
CVE-2025-43963
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...
CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...
CVE-2025-43962
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...
CVE-2025-43962
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...
CVE-2025-43963
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...
PT-2025-17420
Name of the Vulnerable Software and Affected Versions LibRaw versions prior to 0.21.4 Description The issue arises from the phase one correct function in decoders/load mfbacks.cpp, which allows out-of-buffer access. This occurs because the split col and split row values are not checked during the...
PT-2025-17418
Name of the Vulnerable Software and Affected Versions LibRaw versions prior to 0.21.4 Description The issue is related to an out-of-bounds read in the Fujifilm 0xf00c tag parser within the metadata/tiff.cpp file. Recommendations For versions prior to 0.21.4, update to version 0.21.4 or later to...
PT-2025-17421
Name of the Vulnerable Software and Affected Versions LibRaw versions prior to 0.21.4 Description The issue arises from the processing of tag 0x412 in the phase one correct function within decoders/load mfbacks.cpp, where minimum w0 and w1 values are not enforced. Recommendations For versions pri...
USN-7266-1 digikam vulnerabilities
Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2017-0691 It was...
CVE-2021-32142 affecting package LibRaw for versions less than 0.21.3-1
CVE-2021-32142 affecting package LibRaw for versions less than 0.21.3-1. An upgraded version of the package is available that resolves this issue...
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
...
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp postprocessing/mem_image.cpp and utils/thumb_utils.cpp. For example malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
...
The vulnerability of components such as dcraw/dcraw.c and internal/dcraw_common.cpp, which are part of the LibRaw image processing library, allows a perpetrator to gain access to confidential data and also trigger a service failure.
The vulnerability of the components dcraw/dcraw.c and internal/dcrawcommon.cpp, which are part of the LibRaw image processing library, involves reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause servic...
The vulnerability of the internal/dcraw_common.cpp component in the LibRaw image processing library allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the internal/dcrawcommon.cpp component in the LibRaw image processing library is related to writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the x3f_utils_patched.cpp component in the LibRaw image processing library allows a hacker to trigger a service failure.
The vulnerability of the x3futilspatched.cpp component in the LibRaw image processing library is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the `LibRaw_buffer_datastream::gets` function in the `src/libraw_datastream.cpp` file of the LibRaw image processing library allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the LibRawbufferdatastream::gets function in the src/librawdatastream.cpp file of the LibRaw image processing library is related to writing beyond the buffer’s boundaries. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity,...