Primary

Context

LibRaw Out-of-Bounds Access Vulnerability in 0x041f Tag Processing

Vulnerability

Patched

A vulnerability allowing out-of-bounds access has been identified in LibRaw versions prior to 0.21.4. The issue arises in the 'phase_one_correct' function within 'decoders/load_mfbacks.cpp', where the 'split_col' and 'split_row' values are not properly validated during the processing of the 0x041f tag.

Impact

Exploitation of this vulnerability leads to out-of-bounds access, which can potentially be exploited to cause a denial-of-service condition or to execute arbitrary code.

Remediation

Users are advised to update to LibRaw version 0.21.4 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LibRaw Out-of-Bounds Access Vulnerability in 0x041f Tag Processing

Vulnerability

Impact

Remediation

Affected Products

LibRaw

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating