OESA-2025-1478
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1478
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-1478.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2025-1478
- Upstream
- Published
- 2025-05-09T12:42:32Z
- Modified
- 2025-08-12T05:50:49.927677Z
- Summary
- LibRaw security update
- Details
-
LibRaw is a library for reading RAW files from digital photo cameras (CRW/CR2, NEF, RAF, etc, virtually all RAW formats are supported).It pays special attention to correct retrieval of data required for subsequent RAW conversion.The library is intended for embedding in RAW converters, data analyzers, and other programs using RAW files as the initial data.
Security Fix(es):
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.(CVE-2025-43961)
In LibRaw before 0.21.4, phaseonecorrect in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.(CVE-2025-43962)
In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and split_row values are not checked in 0x041f tag processing.(CVE-2025-43963)
In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.(CVE-2025-43964)
- Database specific
{ "severity": "Low" }- References
Affected packages
openEuler:24.03-LTS / LibRaw
Package
- Name
- LibRaw
- Purl
- pkg:rpm/openEuler/LibRaw&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.21.1-4.oe2403sp1
Ecosystem specific
{
"aarch64": [
"LibRaw-0.21.1-4.oe2403.aarch64.rpm",
"LibRaw-debuginfo-0.21.1-4.oe2403.aarch64.rpm",
"LibRaw-debugsource-0.21.1-4.oe2403.aarch64.rpm",
"LibRaw-devel-0.21.1-4.oe2403.aarch64.rpm",
"LibRaw-0.21.1-4.oe2403sp1.aarch64.rpm",
"LibRaw-debuginfo-0.21.1-4.oe2403sp1.aarch64.rpm",
"LibRaw-debugsource-0.21.1-4.oe2403sp1.aarch64.rpm",
"LibRaw-devel-0.21.1-4.oe2403sp1.aarch64.rpm"
],
"x86_64": [
"LibRaw-0.21.1-4.oe2403.x86_64.rpm",
"LibRaw-debuginfo-0.21.1-4.oe2403.x86_64.rpm",
"LibRaw-debugsource-0.21.1-4.oe2403.x86_64.rpm",
"LibRaw-devel-0.21.1-4.oe2403.x86_64.rpm",
"LibRaw-0.21.1-4.oe2403sp1.x86_64.rpm",
"LibRaw-debuginfo-0.21.1-4.oe2403sp1.x86_64.rpm",
"LibRaw-debugsource-0.21.1-4.oe2403sp1.x86_64.rpm",
"LibRaw-devel-0.21.1-4.oe2403sp1.x86_64.rpm"
],
"src": [
"LibRaw-0.21.1-4.oe2403.src.rpm",
"LibRaw-0.21.1-4.oe2403sp1.src.rpm"
]
}
openEuler:24.03-LTS-SP1 / LibRaw
Package
- Name
- LibRaw
- Purl
- pkg:rpm/openEuler/LibRaw&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.21.1-4.oe2403sp1
Ecosystem specific
{
"aarch64": [
"LibRaw-0.21.1-4.oe2403sp1.aarch64.rpm",
"LibRaw-debuginfo-0.21.1-4.oe2403sp1.aarch64.rpm",
"LibRaw-debugsource-0.21.1-4.oe2403sp1.aarch64.rpm",
"LibRaw-devel-0.21.1-4.oe2403sp1.aarch64.rpm"
],
"x86_64": [
"LibRaw-0.21.1-4.oe2403sp1.x86_64.rpm",
"LibRaw-debuginfo-0.21.1-4.oe2403sp1.x86_64.rpm",
"LibRaw-debugsource-0.21.1-4.oe2403sp1.x86_64.rpm",
"LibRaw-devel-0.21.1-4.oe2403sp1.x86_64.rpm"
],
"src": [
"LibRaw-0.21.1-4.oe2403sp1.src.rpm"
]
}
openEuler:20.03-LTS-SP4 / LibRaw
Package
- Name
- LibRaw
- Purl
- pkg:rpm/openEuler/LibRaw&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.20.2-8.oe2003sp4
Ecosystem specific
{
"aarch64": [
"LibRaw-0.20.2-8.oe2003sp4.aarch64.rpm",
"LibRaw-debuginfo-0.20.2-8.oe2003sp4.aarch64.rpm",
"LibRaw-debugsource-0.20.2-8.oe2003sp4.aarch64.rpm",
"LibRaw-devel-0.20.2-8.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"LibRaw-0.20.2-8.oe2003sp4.x86_64.rpm",
"LibRaw-debuginfo-0.20.2-8.oe2003sp4.x86_64.rpm",
"LibRaw-debugsource-0.20.2-8.oe2003sp4.x86_64.rpm",
"LibRaw-devel-0.20.2-8.oe2003sp4.x86_64.rpm"
],
"src": [
"LibRaw-0.20.2-8.oe2003sp4.src.rpm"
]
}
openEuler:22.03-LTS-SP3 / LibRaw
Package
- Name
- LibRaw
- Purl
- pkg:rpm/openEuler/LibRaw&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.20.2-9.oe2203sp3
Ecosystem specific
{
"aarch64": [
"LibRaw-0.20.2-9.oe2203sp3.aarch64.rpm",
"LibRaw-debuginfo-0.20.2-9.oe2203sp3.aarch64.rpm",
"LibRaw-debugsource-0.20.2-9.oe2203sp3.aarch64.rpm",
"LibRaw-devel-0.20.2-9.oe2203sp3.aarch64.rpm"
],
"x86_64": [
"LibRaw-0.20.2-9.oe2203sp3.x86_64.rpm",
"LibRaw-debuginfo-0.20.2-9.oe2203sp3.x86_64.rpm",
"LibRaw-debugsource-0.20.2-9.oe2203sp3.x86_64.rpm",
"LibRaw-devel-0.20.2-9.oe2203sp3.x86_64.rpm"
],
"src": [
"LibRaw-0.20.2-9.oe2203sp3.src.rpm"
]
}
openEuler:22.03-LTS-SP4 / LibRaw
Package
- Name
- LibRaw
- Purl
- pkg:rpm/openEuler/LibRaw&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.20.2-9.oe2203sp4
Ecosystem specific
{
"aarch64": [
"LibRaw-0.20.2-9.oe2203sp4.aarch64.rpm",
"LibRaw-debuginfo-0.20.2-9.oe2203sp4.aarch64.rpm",
"LibRaw-debugsource-0.20.2-9.oe2203sp4.aarch64.rpm",
"LibRaw-devel-0.20.2-9.oe2203sp4.aarch64.rpm"
],
"x86_64": [
"LibRaw-0.20.2-9.oe2203sp4.x86_64.rpm",
"LibRaw-debuginfo-0.20.2-9.oe2203sp4.x86_64.rpm",
"LibRaw-debugsource-0.20.2-9.oe2203sp4.x86_64.rpm",
"LibRaw-devel-0.20.2-9.oe2203sp4.x86_64.rpm"
],
"src": [
"LibRaw-0.20.2-9.oe2203sp4.src.rpm"
]
}