Ubuntu 25.04: USN-7485-1 critical: LibRaw denial of service
May 06, 2025
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
LibRaw could be made to crash if it received specially crafted input.
========================================================================== Ubuntu Security Notice USN-7485-1 May 06, 2025 libraw vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: LibRaw could be made to crash if it received specially crafted input. Software Description: - libraw: raw image decoder library Details: It was discovered that LibRaw could be made to read out of bounds. An attacker could possibly use this issue to cause applications using LibRaw to crash, resulting in a denial of service. (CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libraw-bin 0.21.3-1ubuntu0.25.04.1 libraw23t64 0.21.3-1ubuntu0.25.04.1 Ubuntu 24.10 libraw-bin 0.21.2-2.1ubuntu0.24.10.1 libraw23t64 0.21.2-2.1ubuntu0.24.10.1 Ubuntu 24.04 LTS libraw-bin 0.21.2-2.1ubuntu0.24.04.1 libraw23t64 0.21.2-2.1ubuntu0.24.04.1 Ubuntu 22.04 LTS libraw-bin 0.20.2-2ubuntu2.22.04.2 libraw20 0.20.2-2ubuntu2.22.04.2 Ubuntu 20.04 LTS libraw-bin 0.19.5-1ubuntu1.4 libraw19 0.19.5-1ubuntu1.4 Ubuntu 18.04 LTS libraw-bin 0.18.8-1ubuntu0.4+esm1 Available with Ubuntu Pro libraw16 0.18.8-1ubuntu0.4+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libraw-bin 0.17.1-1ubuntu0.5+esm1 Available with Ubuntu Pro libraw15 0.17.1-1ubuntu0.5+esm1 Available with Ubuntu Pro After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7485-1 CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964 Package Information: https://launchpad.net/ubuntu/+source/libraw/0.21.3-1ubuntu0.25.04.1 https://launchpad.net/ubuntu/+source/libraw/0.21.2-2.1ubuntu0.24.10.1 https://launchpad.net/ubuntu/+source/libraw/0.21.2-2.1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libraw/0.20.2-2ubuntu2.22.04.2 https://launchpad.net/ubuntu/+source/libraw/0.19.5-1ubuntu1.4
PREVIOUS
NEXT
Ubuntu 25.04: USN-7485-1 critical: LibRaw denial of service
ubuntu
May 6, 2025
LibRaw could be made to crash if it received specially crafted input.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: LibRaw could be made to crash if it received specially crafted input. Software Description: - libraw: raw image decoder library Details: It was discovered that LibRaw could be made to read out of bounds. An attacker could possibly use this issue to cause applications using LibRaw to crash, resulting in a denial of service. (CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libraw-bin 0.21.3-1ubuntu0.25.04.1 libraw23t64 0.21.3-1ubuntu0.25.04.1 Ubuntu 24.10 libraw-bin 0.21.2-2.1ubuntu0.24.10.1 libraw23t64 0.21.2-2.1ubuntu0.24.10.1 Ubuntu 24.04 LTS libraw-bin 0.21.2-2.1ubuntu0.24.04.1 libraw23t64 0.21.2-2.1ubuntu0.24.04.1 Ubuntu 22.04 LTS libraw-bin 0.20.2-2ubuntu2.22.04.2 libraw20 0.20.2-2ubuntu2.22.04.2 Ubuntu 20.04 LTS libraw-bin 0.19.5-1ubuntu1.4 libraw19 0.19.5-1ubuntu1.4 Ubuntu 18.04 LTS libraw-bin 0.18.8-1ubuntu0.4+esm1 Available with Ubuntu Pro libraw16 0.18.8-1ubuntu0.4+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libraw-bin 0.17.1-1ubuntu0.5+esm1 Available with Ubuntu Pro libraw15 0.17.1-1ubuntu0.5+esm1 Available with Ubuntu Pro After a standard system update you need to restart your session to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7485-1
CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7485-1
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/libraw/0.21.3-1ubuntu0.25.04.1 https://launchpad.net/ubuntu/+source/libraw/0.21.2-2.1ubuntu0.24.10.1 https://launchpad.net/ubuntu/+source/libraw/0.21.2-2.1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libraw/0.20.2-2ubuntu2.22.04.2 https://launchpad.net/ubuntu/+source/libraw/0.19.5-1ubuntu1.4
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!