Debian 11: DLA-4142-1 Severe Vulnerability in libraw Buffer Overflow
debian lts
April 29, 2025
LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others)
Topics Covered
Summary
CVE-2025-43961
metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag
parser.
CVE-2025-43962
phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for
tag 0x412 processing, related to large w0 or w1 values or the frac and mult
calculations.
CVE-2025-43963
phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access
because split_col and split_row values are not checked in 0x041f tag
processing.
CVE-2025-43964
tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does
not enforce minimum w0 and w1 values.
For Debian 11 bullseye, these problems have been fixed in version
0.20.2-1+deb11u2.
We recommend that you upgrade your libraw packages.
For the detailed security status of libraw please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libraw
Further information about Debian LTS security advisories, how to apply
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: libraw
Version: 0.20.2-1+deb11u2
CVE ID: CVE-2025-43961 CVE-2025-43962 CVE-2025-43963 CVE-2025-43964
Debian Bug: 1103781 1103782 1103783
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!