MGASA-2025-0316

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2025-0316.html
Import Source
https://advisories.mageia.org/MGASA-2025-0316.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2025-0316
Related
Published
2025-12-04T23:29:13Z
Modified
2025-12-04T23:40:56.753296Z
Summary
Updated libraw, digikam & darktable packages fix security vulnerabilities
Details

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. (CVE-2025-43961) In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. (CVE-2025-43962) In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing. (CVE-2025-43963) In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. (CVE-2025-43964)

References
Credits

Affected packages

Mageia:9 / libraw

Package

Name
libraw
Purl
pkg:rpm/mageia/libraw?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20.2-5.1.mga9

Ecosystem specific 

{
    "section": "core"
}

Mageia:9 / digikam

Package

Name
digikam
Purl
pkg:rpm/mageia/digikam?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.4.0-1.1.mga9

Ecosystem specific 

{
    "section": "core"
}

Mageia:9 / darktable

Package

Name
darktable
Purl
pkg:rpm/mageia/darktable?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.1-1.2.mga9

Ecosystem specific 

{
    "section": "core"
}