Mageia alert MGASA-2025-0316 (digikam, darktable, libraw)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2025-0316: Updated libraw, digikam & darktable packages fix security vulnerabilities | |
| Date: | Fri, 05 Dec 2025 00:29:51 +0100 | |
| Message-ID: | <20251204232951.96DC1A0DCF@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2025-0316 - Updated libraw, digikam & darktable packages fix security vulnerabilities Publication date: 04 Dec 2025 URL: https://advisories.mageia.org/MGASA-2025-0316.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964 Description: In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. (CVE-2025-43961) In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. (CVE-2025-43962) In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. (CVE-2025-43963) In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. (CVE-2025-43964) References: - https://bugs.mageia.org/show_bug.cgi?id=34221 - https://lists.fedoraproject.org/archives/list/package-ann... - https://lists.fedoraproject.org/archives/list/package-ann... - https://lists.fedoraproject.org/archives/list/package-ann... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4... SRPMS: - 9/core/libraw-0.20.2-5.1.mga9 - 9/core/digikam-8.4.0-1.1.mga9 - 9/core/darktable-4.6.1-1.2.mga9