Mageia 9: libraw Critical Out-of-Bounds Issue MGASA-2025-0316

December 5, 2025
Critical security fix for libraw and other packages in Mageia to address multiple out-of-bounds vulnerabilities.
MGASA-2025-0316 - Updated libraw, digikam & darktable packages fix security vulnerabilities

Summary

Description:

- In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. (CVE-2025-43961)

- In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. (CVE-2025-43962)

- In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. (CVE-2025-43963)

- In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. (CVE-2025-43964)

References

- https://bugs.mageia.org/show_bug.cgi?id=34221

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDAIVZ4BSSDOYXE25CJ6Z7KXPOF4A6GL/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMNI4GAUYVWHWJ2MPCIEMWUBTIM32E2H/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3I3BWKSTHKFJDS7ZRYZSMCPXZLSPJKIW/

- https://www.cve.org/CVERecord?id=CVE-2025-43961

- https://www.cve.org/CVERecord?id=CVE-2025-43962

- https://www.cve.org/CVERecord?id=CVE-2025-43963

- https://www.cve.org/CVERecord?id=CVE-2025-43964

Resolution

SRPMS

- 9/core/libraw-0.20.2-5.1.mga9

- 9/core/digikam-8.4.0-1.1.mga9

- 9/core/darktable-4.6.1-1.2.mga9
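
The fixed libraw build above keeps upstream version 0.20.2, while the CVE text says "before 0.21.4", so a check keyed on the upstream version alone would still flag a patched host. The following is an added example (not part of the advisory or of Mageia's tooling) that classifies installed source-RPM strings against the builds listed above; `label_cmp` is a simplified re-implementation of rpm's version comparison, and all function names are hypothetical.

```python
import re

# Fixed source builds listed under "SRPMS" in MGASA-2025-0316.
FIXED = {
    "libraw": ("0.20.2", "5.1.mga9"),
    "digikam": ("8.4.0", "1.1.mga9"),
    "darktable": ("4.6.1", "1.2.mga9"),
}

def _segments(label):
    # rpm compares runs of digits and runs of letters; other characters only separate.
    return re.findall(r"\d+|[A-Za-z]+", label)

def label_cmp(a, b):
    """Simplified rpm label comparison: -1, 0 or 1. Tilde/caret rules are omitted."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the label with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def status(sourcerpm):
    """Classify one %{SOURCERPM} value, e.g. 'libraw-0.20.2-5.1.mga9.src.rpm'.

    Values can be collected on a host with: rpm -qa --qf '%{SOURCERPM}\n' | sort -u
    """
    nvr = sourcerpm[:-8] if sourcerpm.endswith(".src.rpm") else sourcerpm
    if nvr.count("-") < 2:  # e.g. "(none)" reported for imported GPG keys
        return nvr, "not-listed"
    name, version, release = nvr.rsplit("-", 2)
    if name not in FIXED:
        return name, "not-listed"
    fixed_ver, fixed_rel = FIXED[name]
    cmp = label_cmp(version, fixed_ver) or label_cmp(release, fixed_rel)
    return name, "patched" if cmp >= 0 else "needs-update"

def upstream_only_check(version, fixed_upstream="0.21.4"):
    """What a check keyed only on the CVE text ('before 0.21.4') would conclude."""
    return "patched" if label_cmp(version, fixed_upstream) >= 0 else "needs-update"
```
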

Severity
critical

Publication date: 04 Dec 2025
URL: https://advisories.mageia.org/MGASA-2025-0316.html
Type: security
CVE: CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964
