CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43961 – Ubuntu Security Notice USN-7485-1
https://notcve.org/view.php?id=CVE-2025-43961
20 Apr 2025 — In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. En Libraw antes de 0.21.4, Metadata/Tiff.cpp tiene un fuera de los límites Leer en el analizador de etiqueta FUJIFILM 0XF00C. This update for libraw fixes the following issues. Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp. Fixed out-of-bounds read when tag 0x412 processing in phase_one_correct function. • https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43962 – Ubuntu Security Notice USN-7485-1
https://notcve.org/view.php?id=CVE-2025-43962
20 Apr 2025 — In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. En Libraw antes de 0.21.4, Phase_One_Correct en decoders/load_mfbacks.cpp tiene fuera de los límites lectura para el procesamiento de la etiqueta 0x412, relacionado con valores W0 o W1 grandes o los cálculos FRAC y multiplicados. This update for libraw fixes the following issues. Fixed out-of-bounds read in the Fujifilm ... • https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43963 – Ubuntu Security Notice USN-7485-1
https://notcve.org/view.php?id=CVE-2025-43963
20 Apr 2025 — In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. En Libraw antes de 0.21.4, Phase_One_Correct en decoders/load_mfbacks.cpp permite el acceso fuera del búfer porque los valores split_col y split_row no se verifican en el procesamiento de etiquetas 0x041f. This update for libraw fixes the following issues. Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tif... • https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43964 – SUSE Security Advisory - SUSE-SU-2025:1572-1
https://notcve.org/view.php?id=CVE-2025-43964
20 Apr 2025 — In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. En Libraw antes de 0.21.4, la etiqueta 0x412 procesa en fase_one_correct en decoders/load_mfbacks.cpp no ??hace cumplir los valores mínimos de W0 y W1. This update for libraw fixes the following issues. Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp. • https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22628 – Ubuntu Security Notice USN-6377-1
https://notcve.org/view.php?id=CVE-2020-22628
22 Aug 2023 — Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. Vulnerabilidad de desbordamiento de búfer en la función LibRaw::stretch() en libraw\src\postprocessing\aspect_ratio.cpp. Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. • https://github.com/LibRaw/LibRaw/issues/269 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1729 – LibRaw: a heap-buffer-overflow in raw2image_ex()
https://notcve.org/view.php?id=CVE-2023-1729
15 May 2023 — A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. • https://bugzilla.redhat.com/show_bug.cgi?id=2188240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24870 – LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
https://notcve.org/view.php?id=CVE-2020-24870
02 Jun 2021 — Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. Libraw versiones anteriores a 0.20.1, tiene un desbordamiento del búfer de lapila por medio de la función LibRaw::identify_process_dng_fields en el archivo identify.cpp A stack buffer overflow vulnerability was found in LibRaw. This flaw allows a malicious user to send a crafted image that, when parsed by an application linked to LibRaw, leads to a denial of service or potential code execution. GNOME is... • https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24889 – Gentoo Linux Security Advisory 202010-05
https://notcve.org/view.php?id=CVE-2020-24889
16 Sep 2020 — A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. Una vulnerabilidad de desbordamiento de búfer en LibRaw versiones anteriores a 20.0, la función LibRaw::GetNormalizedModel en el archivo src/metadata/normalize_model.cpp puede conllevar a una ejecución de código arbitraria dependiendo del contexto Multiple vulnerabilities have been found in LibRaw, the worst of which may allow attacke... • https://github.com/LibRaw/LibRaw/issues/334 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-15503 – LibRaw: lack of thumbnail size range check can lead to buffer overflow
https://notcve.org/view.php?id=CVE-2020-15503
02 Jul 2020 — LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. LibRaw versiones anteriores a 0.20-RC1, carece de una comprobación de rango de tamaño de miniaturas. Esto afecta a los archivos decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, y utils/thumb_utils.cpp. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00075.html • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20363
https://notcve.org/view.php?id=CVE-2018-20363
22 Dec 2018 — LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. LibRaw::raw2image en libraw_cxx.cpp en LibRaw 0.19.1 tiene una desreferencia de puntero NULL. • http://www.securityfocus.com/bid/106299 • CWE-476: NULL Pointer Dereference •