{"id":"MGASA-2025-0316","summary":"Updated libraw, digikam & darktable packages fix security vulnerabilities","details":"In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in\nthe Fujifilm 0xf00c tag parser. (CVE-2025-43961)\nIn LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp\nhas out-of-bounds reads for tag 0x412 processing, related to large w0 or\nw1 values or the frac and mult calculations. (CVE-2025-43962)\nIn LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp\nallows out-of-buffer access because split_col and split_row values are\nnot checked in 0x041f tag processing. (CVE-2025-43963)\nIn LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in\ndecoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.\n(CVE-2025-43964)\n","modified":"2026-02-04T02:46:02.421071Z","published":"2025-12-04T23:29:13Z","related":["CVE-2025-43961","CVE-2025-43962","CVE-2025-43963","CVE-2025-43964"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0316.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34221"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDAIVZ4BSSDOYXE25CJ6Z7KXPOF4A6GL/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMNI4GAUYVWHWJ2MPCIEMWUBTIM32E2H/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3I3BWKSTHKFJDS7ZRYZSMCPXZLSPJKIW/"}],"affected":[{"package":{"name":"libraw","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libraw?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20.2-5.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0316.json"}},{"package":{"name":"digikam","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/digikam?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.0-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0316.json"}},{"package":{"name":"darktable","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/darktable?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.6.1-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0316.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}