LibRaw 0.21.2

CPE Details

LibRaw 0.21.2
libraw
libraw
0.21.2
2024-07-10
11h51 +00:00
2024-07-10
11h51 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libraw:libraw:0.21.2:*:*:*:*:*:*:*

Informations

Vendor

libraw

Product

libraw

Version

0.21.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-43961 2025-04-20 00h00 +00:00 In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
9.1
Critical
CVE-2025-43962 2025-04-20 00h00 +00:00 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
9.1
Critical
CVE-2025-43963 2025-04-20 00h00 +00:00 In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
9.1
Critical
CVE-2025-43964 2025-04-20 00h00 +00:00 In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.