Advisories ยป MGASA-2025-0316

Updated libraw, digikam & darktable packages fix security vulnerabilities

Publication date: 04 Dec 2025
Modification date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43961 , CVE-2025-43962 , CVE-2025-43963 , CVE-2025-43964

Description

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in
the Fujifilm 0xf00c tag parser. (CVE-2025-43961)
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp
has out-of-bounds reads for tag 0x412 processing, related to large w0 or
w1 values or the frac and mult calculations. (CVE-2025-43962)
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp
allows out-of-buffer access because split_col and split_row values are
not checked in 0x041f tag processing. (CVE-2025-43963)
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in
decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
(CVE-2025-43964)

References

SRPMS

9/core