CVE-2025-43964
SUSE Security Advisory - SUSE-SU-2025:1572-1
Severity Score
2.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
This update for libraw fixes the following issues:
- Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp.
- Fixed out-of-bounds read during tag 0x412 processing in the phase_one_correct function.
- Fixed out-of-buffer access during phase_one_correct in decoders/load_mfbacks.cpp.
- Fixed tag 0x412 processing in phase_one_correct not enforcing minimum w0 and w1 values.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-04-20 CVE Reserved
- 2025-04-20 CVE Published
- 2025-04-21 CVE Updated
- 2025-08-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1284: Improper Validation of Specified Quantity in Input
CAPEC