{
  "threat_severity" : "Low",
  "public_date" : "2025-04-20T00:00:00Z",
  "bugzilla" : {
    "description" : "LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function",
    "id" : "2361286",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2361286"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-125",
  "details" : [ "In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.", "A flaw was found in LibRaw. In affected versions, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing. This issue is related to large w0 or w1 values or the frac and mult calculations." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "libraw1394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "LibRaw",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "libraw1394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "LibRaw",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "libraw1394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "LibRaw",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-43962\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-43962\nhttps://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2\nhttps://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4\nhttps://www.libraw.org/news/libraw-0-21-4-release" ],
  "name" : "CVE-2025-43962",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}