In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/43xxx/CVE-2025-43964.json",
"cna_assigner": "mitre",
"cwe_ids": [
"CWE-1284"
]
}{
"cpe": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.21.4"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}