{
  "threat_severity" : "Low",
  "public_date" : "2025-04-20T00:00:00Z",
  "bugzilla" : {
    "description" : "LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw",
    "id" : "2361283",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2361283"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-125",
  "details" : [ "In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.", "A flaw was found in LibRaw. In affected versions of LibRaw, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "libraw1394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "LibRaw",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "libraw1394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "LibRaw",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "libraw1394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "LibRaw",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-43961\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-43961\nhttps://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2\nhttps://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4\nhttps://www.libraw.org/news/libraw-0-21-4-release" ],
  "name" : "CVE-2025-43961",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}