Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: FEDORA-2025-10328ff4a7 critical: multiple buffer issues

fedora
Calendar Grey April 23, 2025
Dist Fedora Esm H88
The recent update of LibRaw 0.21.4 in Fedora 40 resolves critical buffer overflow vulnerabilities and enhances input validation measures as outlined in the security advisory.
0.21.4

Summary

LibRaw is a library for reading RAW files obtained from digital photo

cameras (CRW/CR2, NEF, RAF, DNG, and others).

LibRaw is based on the source codes of the dcraw utility, where part of

drawbacks have already been eliminated and part will be fixed in future.

Update Information:

0.21.4

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora input validation LibRaw

Change Log

* Mon Apr 14 2025 Gwyn Ciesla - 0.21.4-1 - 0.21.4 * Thu Jan 16 2025 Fedora Release Engineering - 0.21.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

References


[ 1 ] Bug #2359288 - LibRaw-0.21.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2359288 [ 2 ] Bug #2361334 - CVE-2025-43963 LibRaw: out-of-buffer access [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361334 [ 3 ] Bug #2361337 - CVE-2025-43963 libraw1394: out-of-buffer access [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361337 [ 4 ] Bug #2361352 - CVE-2025-43964 LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361352 [ 5 ] Bug #2361355 - CVE-2025-43964 libraw1394: Improper Validation of Specified Quantity in Input in LibRaw [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361355 [ 6 ] Bug #2361370 - CVE-2025-43962 LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361370 [ 7 ] Bug #2361373 - CVE-2025-43962 libraw1394: Out-o...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-10328ff4a7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: LibRaw
Product: Fedora 40
Version: 0.21.4
Release: 1.fc40
URL: https://www.libraw.org
Summary: Library for reading RAW files obtained from digital photo cameras

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora input validation LibRaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here