[Git][security-tracker-team/security-tracker][master] Add new libraw CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 21 08:55:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66f01a38 by Salvatore Bonaccorso at 2025-04-21T09:54:29+02:00
Add new libraw CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,13 +18,21 @@ CVE-2025-43966 (libheif before 1.19.6 has a NULL pointer dereference in ImageIte
 	- libheif 1.19.7-1
 	NOTE: Fixed by: https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c (v1.19.6)
 CVE-2025-43964 (In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in  ...)
-	TODO: check
+	- libraw <unfixed>
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0 (0.21.4)
+	TODO: check security impact for digikam and darktable
 CVE-2025-43963 (In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cp ...)
-	TODO: check
+	- libraw <unfixed>
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964 (0.21.4)
+	TODO: check security impact for digikam and darktable
 CVE-2025-43962 (In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cp ...)
-	TODO: check
+	- libraw <unfixed>
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2 (0.21.4)
+	TODO: check security impact for digikam and darktable
 CVE-2025-43961 (In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read i ...)
-	TODO: check
+	- libraw <unfixed>
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2 (0.21.4)
+	TODO: check security impact for digikam and darktable
 CVE-2025-0632 (Local File Inclusion (LFI) vulnerability in a Render function of Formu ...)
 	NOT-FOR-US: Formulatrix Rock Maker Web (RMW)
 CVE-2020-36845 (The KnowBe4 Security Awareness Training application before 2020-01-10  ...)
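Review bot: The "Fixed by" NOTE lines for CVE-2025-43962 and CVE-2025-43961 both cite the same upstream commit, 66fe663e02a4dd610b4e832f5d9af326709336c2, while the other two libraw entries each cite a distinct commit. The truncated descriptions place 43961 in metadata/tiff.cpp and 43962 in phase_one_correct, so please confirm that a single commit covers both files and that this is not a copy-paste of the previous entry. Separately, the line "TODO: check security impact for digikam and darktable" is repeated verbatim on all four entries without saying why those two packages are affected candidates. A short note on the reason (for example, whether they carry their own copy of the LibRaw code) would let the next person resolve the TODO without re-deriving it.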



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66f01a386bf9276c02ba30c1a7ac68f56c5dc6d8
