{"affected":[{"ecosystem_specific":{"binaries":[{"libraw23":"0.21.1-150600.3.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP6","name":"libraw","purl":"pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.21.1-150600.3.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libraw-devel":"0.21.1-150600.3.5.1","libraw-devel-static":"0.21.1-150600.3.5.1","libraw-tools":"0.21.1-150600.3.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"libraw","purl":"pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.21.1-150600.3.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libraw-devel":"0.21.1-150600.3.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"libraw","purl":"pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.21.1-150600.3.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libraw-devel":"0.21.1-150600.3.5.1","libraw-devel-static":"0.21.1-150600.3.5.1","libraw-tools":"0.21.1-150600.3.5.1","libraw23":"0.21.1-150600.3.5.1","libraw23-32bit":"0.21.1-150600.3.5.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"libraw","purl":"pkg:rpm/opensuse/libraw&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.21.1-150600.3.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libraw fixes the following issues:\n\n- CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp (bsc#1241643)\n- CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phase_one_correct function (bsc#1241585)\n- CVE-2025-43963: Fixed out-of-buffer access during phase_one_correct in decoders/load_mfbacks.cpp (bsc#1241642)\n- CVE-2025-43964: Fixed tag 0x412 processing in phase_one_correct  does not enforce minimum w0 and w1 values (bsc#1241584)\n","id":"SUSE-SU-2025:1572-1","modified":"2025-05-16T14:07:06Z","published":"2025-05-16T14:07:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20251572-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241584"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241585"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241642"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241643"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43961"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43962"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43963"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43964"}],"related":["CVE-2025-43961","CVE-2025-43962","CVE-2025-43963","CVE-2025-43964"],"summary":"Security update for libraw","upstream":["CVE-2025-43961","CVE-2025-43962","CVE-2025-43963","CVE-2025-43964"]}