OESA-2025-1478

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1478
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1478.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1478
Upstream
Published
2025-05-09T12:42:32Z
Modified
2025-08-12T05:50:49.927677Z
Summary
LibRaw security update
Details

LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF, RAF, etc.; virtually all RAW formats are supported). It pays special attention to correct retrieval of data required for subsequent RAW conversion. The library is intended for embedding in RAW converters, data analyzers, and other programs using RAW files as the initial data.

Security Fix(es):

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. (CVE-2025-43961)

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. (CVE-2025-43962)

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. (CVE-2025-43963)

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. (CVE-2025-43964)

Database specific
{
    "severity": "Low"
}
References

Affected packages

openEuler:24.03-LTS / LibRaw

Package

Name
LibRaw
Purl
pkg:rpm/openEuler/LibRaw&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.21.1-4.oe2403sp1

Ecosystem specific

{
    "aarch64": [
        "LibRaw-0.21.1-4.oe2403.aarch64.rpm",
        "LibRaw-debuginfo-0.21.1-4.oe2403.aarch64.rpm",
        "LibRaw-debugsource-0.21.1-4.oe2403.aarch64.rpm",
        "LibRaw-devel-0.21.1-4.oe2403.aarch64.rpm",
        "LibRaw-0.21.1-4.oe2403sp1.aarch64.rpm",
        "LibRaw-debuginfo-0.21.1-4.oe2403sp1.aarch64.rpm",
        "LibRaw-debugsource-0.21.1-4.oe2403sp1.aarch64.rpm",
        "LibRaw-devel-0.21.1-4.oe2403sp1.aarch64.rpm"
    ],
    "x86_64": [
        "LibRaw-0.21.1-4.oe2403.x86_64.rpm",
        "LibRaw-debuginfo-0.21.1-4.oe2403.x86_64.rpm",
        "LibRaw-debugsource-0.21.1-4.oe2403.x86_64.rpm",
        "LibRaw-devel-0.21.1-4.oe2403.x86_64.rpm",
        "LibRaw-0.21.1-4.oe2403sp1.x86_64.rpm",
        "LibRaw-debuginfo-0.21.1-4.oe2403sp1.x86_64.rpm",
        "LibRaw-debugsource-0.21.1-4.oe2403sp1.x86_64.rpm",
        "LibRaw-devel-0.21.1-4.oe2403sp1.x86_64.rpm"
    ],
    "src": [
        "LibRaw-0.21.1-4.oe2403.src.rpm",
        "LibRaw-0.21.1-4.oe2403sp1.src.rpm"
    ]
}

openEuler:24.03-LTS-SP1 / LibRaw

Package

Name
LibRaw
Purl
pkg:rpm/openEuler/LibRaw&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.21.1-4.oe2403sp1

Ecosystem specific

{
    "aarch64": [
        "LibRaw-0.21.1-4.oe2403sp1.aarch64.rpm",
        "LibRaw-debuginfo-0.21.1-4.oe2403sp1.aarch64.rpm",
        "LibRaw-debugsource-0.21.1-4.oe2403sp1.aarch64.rpm",
        "LibRaw-devel-0.21.1-4.oe2403sp1.aarch64.rpm"
    ],
    "x86_64": [
        "LibRaw-0.21.1-4.oe2403sp1.x86_64.rpm",
        "LibRaw-debuginfo-0.21.1-4.oe2403sp1.x86_64.rpm",
        "LibRaw-debugsource-0.21.1-4.oe2403sp1.x86_64.rpm",
        "LibRaw-devel-0.21.1-4.oe2403sp1.x86_64.rpm"
    ],
    "src": [
        "LibRaw-0.21.1-4.oe2403sp1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / LibRaw

Package

Name
LibRaw
Purl
pkg:rpm/openEuler/LibRaw&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.20.2-8.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "LibRaw-0.20.2-8.oe2003sp4.aarch64.rpm",
        "LibRaw-debuginfo-0.20.2-8.oe2003sp4.aarch64.rpm",
        "LibRaw-debugsource-0.20.2-8.oe2003sp4.aarch64.rpm",
        "LibRaw-devel-0.20.2-8.oe2003sp4.aarch64.rpm"
    ],
    "x86_64": [
        "LibRaw-0.20.2-8.oe2003sp4.x86_64.rpm",
        "LibRaw-debuginfo-0.20.2-8.oe2003sp4.x86_64.rpm",
        "LibRaw-debugsource-0.20.2-8.oe2003sp4.x86_64.rpm",
        "LibRaw-devel-0.20.2-8.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "LibRaw-0.20.2-8.oe2003sp4.src.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / LibRaw

Package

Name
LibRaw
Purl
pkg:rpm/openEuler/LibRaw&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.20.2-9.oe2203sp3

Ecosystem specific

{
    "aarch64": [
        "LibRaw-0.20.2-9.oe2203sp3.aarch64.rpm",
        "LibRaw-debuginfo-0.20.2-9.oe2203sp3.aarch64.rpm",
        "LibRaw-debugsource-0.20.2-9.oe2203sp3.aarch64.rpm",
        "LibRaw-devel-0.20.2-9.oe2203sp3.aarch64.rpm"
    ],
    "x86_64": [
        "LibRaw-0.20.2-9.oe2203sp3.x86_64.rpm",
        "LibRaw-debuginfo-0.20.2-9.oe2203sp3.x86_64.rpm",
        "LibRaw-debugsource-0.20.2-9.oe2203sp3.x86_64.rpm",
        "LibRaw-devel-0.20.2-9.oe2203sp3.x86_64.rpm"
    ],
    "src": [
        "LibRaw-0.20.2-9.oe2203sp3.src.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / LibRaw

Package

Name
LibRaw
Purl
pkg:rpm/openEuler/LibRaw&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.20.2-9.oe2203sp4

Ecosystem specific

{
    "aarch64": [
        "LibRaw-0.20.2-9.oe2203sp4.aarch64.rpm",
        "LibRaw-debuginfo-0.20.2-9.oe2203sp4.aarch64.rpm",
        "LibRaw-debugsource-0.20.2-9.oe2203sp4.aarch64.rpm",
        "LibRaw-devel-0.20.2-9.oe2203sp4.aarch64.rpm"
    ],
    "x86_64": [
        "LibRaw-0.20.2-9.oe2203sp4.x86_64.rpm",
        "LibRaw-debuginfo-0.20.2-9.oe2203sp4.x86_64.rpm",
        "LibRaw-debugsource-0.20.2-9.oe2203sp4.x86_64.rpm",
        "LibRaw-devel-0.20.2-9.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "LibRaw-0.20.2-9.oe2203sp4.src.rpm"
    ]
}