
CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Apr 2025 — In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. This update for libraw fixes the following issues. Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp. Fixed out-of-bounds read during tag 0x412 processing in the phase_one_correct function. • https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2 • CWE-125: Out-of-bounds Read

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Apr 2025 — In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. This update for libraw fixes the following issues. Fixed out-of-bounds read in the Fujifilm ... • https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2 • CWE-125: Out-of-bounds Read

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Apr 2025 — In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. This update for libraw fixes the following issues. Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tif... • https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964 • CWE-125: Out-of-bounds Read

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Apr 2025 — In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. This update for libraw fixes the following issues. Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp. • https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0 • CWE-1284: Improper Validation of Specified Quantity in Input

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Aug 2023 — Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. • https://github.com/LibRaw/LibRaw/issues/269 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 1

15 May 2023 — A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. Zinuo Han and Ao Wang discovered that the Android DNG SDK, vendored in digiKam, did not correctly parse certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. • https://bugzilla.redhat.com/show_bug.cgi?id=2188240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Feb 2023 — Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets() function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash. Zinuo Han and Ao Wang discovered that the Android DNG SDK, v... • https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 • CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

01 Sep 2022 — In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted ph... • https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Sep 2022 — In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. • https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 1

01 Sep 2022 — In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. • https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81 • CWE-125: Out-of-bounds Read