PT-2025-17420 · Libraw+5

Lexa · Published 2025-04-13 · Updated 2025-12-04 · CVE-2025-43963

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.21.4
Description: The issue arises from the phase_one_correct function in decoders/load_mfbacks.cpp, which allows out-of-buffer access. This occurs because the split_col and split_row values are not checked during the processing of the 0x041f tag.
Recommendations: For versions prior to 0.21.4, update to version 0.21.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the load_mfbacks.cpp decoder to minimize the risk of exploitation.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

AZL-61810
BDU:2025-10598
CVE-2025-43963
DLA-4142-1
MGASA-2025-0316
OESA-2025-1478
OPENSUSE-SU-2025:15025-1
OPENSUSE-SU-2025_1568-1
OPENSUSE-SU-2025_1572-1
SUSE-SU-2025:01569-1
SUSE-SU-2025:01572-1
SUSE-SU-2025:1568-1
SUSE-SU-2025:1569-1
SUSE-SU-2025:1572-1
USN-7485-1

Affected Products

Alt Linux
Debian
Libraw
Linuxmint
Suse
Ubuntu