Package "libraw"
| Name: |
libraw
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- raw image decoder library (tools)
|
| Latest version: |
0.21.2-2.1ubuntu0.24.04.2 |
| Release: |
noble (24.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "libraw" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
libraw (0.21.2-2.1ubuntu0.24.04.2) noble-security; urgency=medium
* SECURITY UPDATE: OOB read via load_flags/raw_width argument
- debian/patches/CVE-2026-5342.patch: Nikon padded/12bit: no need to
calculate padded row size before final raw_width adjustment in
src/decoders/decoders_libraw.cpp, src/metadata/tiff.cpp.
- CVE-2026-5342
* SECURITY UPDATE: integer overflow in deflate_dng_load_raw
- debian/patches/CVE-2026-20884-pre1.patch: implemented RAW size limit check
and allocation result check for 4-shot pentax loaded and FP-dng loader in
src/decoders/decoders_libraw.cpp, src/decoders/fp_dng.cpp.
- debian/patches/CVE-2026-20884-pre2.patch: FP DNG data limit: perform
calculations in 64 bit in src/decoders/fp_dng.cpp.
- debian/patches/CVE-2026-20884.patch: Fix for data size calculation integer
overflow in float/deflated DNG loader; Check for read results in
src/decoders/fp_dng.cpp.
- CVE-2026-20884
* SECURITY UPDATE: heap overflow in x3f_thumb_loader
- debian/patches/CVE-2026-20889.patch: Add checks in
src/decoders/unpack_thumb.cpp, src/x3f/x3f_parse_process.cpp,
src/x3f/x3f_utils_patched.cpp.
- CVE-2026-20889
* SECURITY UPDATE: heap overflow in lossless_jpeg_load_raw functionality
- debian/patches/CVE-2026-21413.patch: check raw_width in
src/decoders/decoders_dcraw.cpp.
- CVE-2026-21413
* SECURITY UPDATE: integer overflow in uncompressed_fp_dng_load_raw
- debian/patches/CVE-2026-24450.patch: avoid integer overflow in allocation
size calculation. Also: check for EOF in read loop in
src/decoders/fp_dng.cpp.
- CVE-2026-24450
* SECURITY UPDATE: heap overflow in x3f_load_huffman
- debian/patches/CVE-2026-24660.patch: X3F decoder: implemented hard single
allocation limit via LIBRAW_X3F_ALLOC_LIMIT_MB define; allocation size
calculation converted to 64 bit arithm in libraw/libraw_const.h,
src/x3f/x3f_utils_patched.cpp.
- CVE-2026-24660
-- Marc Deslauriers <email address hidden> Tue, 07 Jul 2026 12:14:13 -0400
|
| Source diff to previous version |
| CVE-2026-5342 |
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw |
| CVE-2026-20884 |
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can l |
| CVE-2026-20889 |
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file |
| CVE-2026-21413 |
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A speciall |
| CVE-2026-24450 |
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious fi |
| CVE-2026-24660 |
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file |
|
|
libraw (0.21.2-2.1ubuntu0.24.04.1) noble-security; urgency=medium
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2025-43961-CVE-2025-43962.patch: Check
size of head array values
- CVE-2025-43961
- CVE-2025-43962
- debian/patches/CVE-2025-43963.patch: check split_col/split_row
values in phase_one_correct
- CVE-2025-43963
* SECURITY UPDATE: Malformed input
- debian/patches/CVE-2025-43964.patch: additional checks in PhaseOne
correction tag 0x412 processing
- CVE-2025-43964
-- Bruce Cable <email address hidden> Mon, 28 Apr 2025 14:02:15 +1000
|
| CVE-2025-43961 |
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. |
| CVE-2025-43962 |
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 v |
| CVE-2025-43963 |
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not ch |
| CVE-2025-43964 |
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. |
|
About
-
Send Feedback to @ubuntu_updates