1805 matches found
Libraw security vulnerability
Libraw is a C++ library from Libraw for processing RAW images (CRW/CR2, NEF, RAF, DNG, and other formats), supporting various operating systems. A security vulnerability exists in Libraw versions prior to 0.21.4, which stems from the phase_one_correct function in decoders/load_mfbacks.cpp not enforcing the...
CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values...
CVE-2025-43962
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...
Libraw buffer error vulnerability
Libraw is a C++ library from Libraw for processing RAW images (CRW/CR2, NEF, RAF, DNG, and other formats), supporting various operating systems. A buffer error vulnerability exists in Libraw versions prior to 0.21.4, which stems from an out-of-bounds read in the phase_one_correct function in...
CVE-2025-43963
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing...
PT-2025-17421
Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.21.4. Description: The issue arises from the processing of tag 0x412 in the phase_one_correct function within decoders/load_mfbacks.cpp, where minimum w0 and w1 values are not enforced. Recommendations: For versions pri...
PT-2025-17419
Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.21.4. Description: The issue is related to out-of-bounds reads in the phase_one_correct function within decoders/load_mfbacks.cpp for tag 0x412 processing. This is caused by large w0 or w1 values or the frac and mult...
PT-2025-17418
Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.21.4. Description: The issue is related to an out-of-bounds read in the Fujifilm 0xf00c tag parser within the metadata/tiff.cpp file. Recommendations: For versions prior to 0.21.4, update to version 0.21.4 or later to...
PT-2025-17420
Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.21.4. Description: The issue arises from the phase_one_correct function in decoders/load_mfbacks.cpp, which allows out-of-buffer access. This occurs because the split_col and split_row values are not checked during the...
Linux Distros Unpatched Vulnerability : CVE-2023-1729
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex caused by a maliciously crafted file may lead to an application crash. CVE-2023-1729 Note that...
Linux Distros Unpatched Vulnerability : CVE-2021-32142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in...
Linux Distros Unpatched Vulnerability : CVE-2018-20364
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. CVE-2018-20364 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2020-15503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For...
Linux Distros Unpatched Vulnerability : CVE-2018-5810
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An error within the rollei_load_raw function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow an...
Linux Distros Unpatched Vulnerability : CVE-2017-13735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack...
Linux Distros Unpatched Vulnerability : CVE-2018-20363
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. CVE-2018-20363 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2018-5813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An error within the parse_minolta function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted...
Linux Distros Unpatched Vulnerability : CVE-2018-5802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An error within the kodak_radc_load_raw function (internal/dcraw_common.cpp) related to the buf variable in LibRaw versions prior to 0.18.7 can be exploited to cause ...
Linux Distros Unpatched Vulnerability : CVE-2018-5805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A boundary error within the quicktake_100_load_raw function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based...