CVE-2025-43961
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-43961
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-43961.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-43961
- Downstream
- Related
- Published
- 2025-04-21T00:15:32Z
- Modified
- 2025-10-10T17:42:53.867238Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
- References
Affected packages
Git / github.com/libraw/libraw
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libraw/libraw
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.11.0-Release
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.16.0
0.17.0
0.18.0
0.20-RC2
0.20.0
0.20.1
0.20.2
0.21-Beta1
0.21.0
0.21.1
0.21.2
0.21.3
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2025-43961-a8867a26",
"signature_type": "Line",
"target": {
"file": "src/metadata/tiff.cpp"
},
"source": "https://github.com/libraw/libraw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2",
"digest": {
"threshold": 0.9,
"line_hashes": [
"75786639247811888695911691908770333442",
"324188435116035207719336047085610968737",
"184364749296307487760383253901577428781",
"224910600199708085947552526714899231778",
"290284909087423115652512491364097126734",
"55232918697542156197087610958187377546",
"208270328290047128007542164269810146193",
"15673720975732090322039602822053826542",
"229285344664976981124185169925684502259",
"255436438739078153814130833548018329962",
"138824071107219638206291012640650950126",
"27231935912625183278001478895860733106",
"263513715267664076340441701824277963639",
"21208839337331315008813833213585735771",
"185629750238778966012308780677370087545",
"272486708748459356131483158048483395523",
"117366396116827941393545487037155046471",
"325286465215510775806104540139564247517",
"239375309794674083855298311838696802710",
"189284190228368588943615018686319565665",
"118133643838218130326613630517333623472",
"83495295596959631691127737588956505173",
"243153432370433765723500813854770931557",
"142332137698307746172956350091343076244",
"301470813346256709690486566347437149828"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-43961-af2a4d39",
"signature_type": "Function",
"target": {
"file": "src/metadata/tiff.cpp",
"function": "LibRaw::parse_tiff_ifd"
},
"source": "https://github.com/libraw/libraw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2",
"digest": {
"function_hash": "197872948769677158610949855518456599555",
"length": 39561.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-43961-de32d6c2",
"signature_type": "Line",
"target": {
"file": "src/decoders/load_mfbacks.cpp"
},
"source": "https://github.com/libraw/libraw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2",
"digest": {
"threshold": 0.9,
"line_hashes": [
"227255839399777494310220549945935304710",
"47652950835096864347591816135174446054",
"871839194140884956346434446416526218",
"313944228688491406369686973250630163866",
"268144868560653473932482666219597082506",
"121199975125118014332712506648346829704",
"30592309213274763928530496170015720076",
"280560097526375837232063219019104278151",
"43689934646373510547775889377772530341",
"265763856735334934025136245109914832870",
"174579587141248787746192459117457290869"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"id": "CVE-2025-43961-f3fbb1ed",
"signature_type": "Function",
"target": {
"file": "src/decoders/load_mfbacks.cpp",
"function": "LibRaw::phase_one_correct"
},
"source": "https://github.com/libraw/libraw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2",
"digest": {
"function_hash": "16641124102554756246182794909367149692",
"length": 8866.0
},
"deprecated": false,
"signature_version": "v1"
}
]
}