rpm package
suse/libraw&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-43964 | — | | | < 0.15.4-45.1 | 0.15.4-45.1 | Apr 20, 2025 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. |
| CVE-2025-43962 | — | | | < 0.15.4-45.1 | 0.15.4-45.1 | Apr 20, 2025 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. |
| CVE-2015-8367 | — | | | < 0.15.4-45.1 | 0.15.4-45.1 | Jan 14, 2020 | The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. |
| CVE-2015-3885 | — | | | < 0.15.4-45.1 | 0.15.4-45.1 | May 19, 2015 | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. |