Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-015465)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015465 advisory. In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag...

Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-015451)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015451 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values. Tenable has extracted the...

Astra Linux - уязвимость в libraw

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser...

Astra Linux - уязвимость в libraw

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

Amazon Linux 2 : LibRaw (ALAS-2025-2954)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2954 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1...

[SECURITY] Fedora 40 Update: mingw-LibRaw-0.21.4-1.fc40

MinGW Windows LibRaw library...

SUSE CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...

CVE-2025-43963

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...

slpjs Input Validation Error Vulnerability

slpjs is a JavaScript library for validating and building the Simple Ledger Protocol SLP. slpjs A vulnerability exists in input validation errors in versions prior to 0.21.4. The vulnerability stems from a network system or product that does not properly validate input data. An attacker could...

Design/Logic Flaw

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to...