PT-2025-17421 · Libraw+5

Lexa · Published 2025-04-13 · Updated 2025-12-04 · CVE-2025-43964

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LibRaw versions prior to 0.21.4

Description

The issue arises from the processing of tag 0x412 in the phase_one_correct function within decoders/load_mfbacks.cpp, where minimum w0 and w1 values are not enforced.

Recommendations

For versions prior to 0.21.4, update to version 0.21.4 or later to resolve the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

AZL-61756
BDU:2025-10595
CVE-2025-43964
DLA-4142-1
MGASA-2025-0316
OESA-2025-1478
OPENSUSE-SU-2025:15025-1
OPENSUSE-SU-2025_1568-1
OPENSUSE-SU-2025_1572-1
SUSE-SU-2025:01569-1
SUSE-SU-2025:01572-1
SUSE-SU-2025:1380-1
SUSE-SU-2025:1568-1
SUSE-SU-2025:1569-1
SUSE-SU-2025:1572-1
USN-7485-1

Affected Products

Alt Linux
Debian
Libraw
Linuxmint
Suse
Ubuntu