Bug 2361287 (CVE-2025-43964) - CVE-2025-43964 LibRaw: Improper Validation of Specified Quantity in Input in LibRaw
Summary: CVE-2025-43964 LibRaw: Improper Validation of Specified Quantity in Input in ...
Keywords:
Status: NEW
Alias: CVE-2025-43964
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2361349 2361350 2361351 2361352 2361353 2361354 2361355 2361356 2361357 2361358 2361359 2361360 2361361 2361362 2361363 2361364 2361365 2361366
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-04-21 00:01 UTC by OSIDB Bzimport
Modified: 2025-04-21 13:29 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-04-21 00:01:18 UTC 
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
Note You need to log in before you can comment on or make changes to this bug.