Bug 2361286 (CVE-2025-43962) - CVE-2025-43962 LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function
Summary: CVE-2025-43962 LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function
Keywords:
Status: NEW
Alias: CVE-2025-43962
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2361367 2361368 2361371 2361376 2361377 2361381 2361369 2361370 2361372 2361373 2361374 2361375 2361378 2361379 2361380 2361382 2361383 2361384
Blocks:
Reported: 2025-04-21 00:01 UTC by OSIDB Bzimport
Modified: 2025-04-21 13:30 UTC
CC List: 0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-04-21 00:01:16 UTC
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

