LibRaw Minimum Value Enforcement Vulnerability in Tag 0x412 Processing

Vulnerability

A vulnerability exists in LibRaw versions prior to 0.21.4, in the tag 0x412 processing within the 'phase_one_correct' function of 'decoders/load_mfbacks.cpp'. The processing does not enforce minimum values for 'w0' and 'w1', which could lead to unintended behavior or processing errors.

Impact

Exploitation of this vulnerability could result in improper handling of image data, potentially causing decoding errors or inaccuracies.

Remediation

Users can upgrade to LibRaw version 0.21.4 or later to address this vulnerability.
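
To find hosts that still need the upgrade, the following added example (not part of the original advisory or of LibRaw) classifies version strings against the 0.21.4 threshold stated above. The inventory, host names, and the "review" rule for non-Release builds numbered 0.21.4 are assumptions made for illustration.

```python
import re

FIXED = (0, 21, 4)  # first fixed release, per the advisory text

# Accepts strings such as "0.21.3-Release", "0.21.4" or "0.20" (assumed formats).
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z][\w.]*))?\s*$"
)


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'review' or 'unknown' for a version string."""
    m = _VERSION_RE.match(version)
    if not m:
        # Unparseable strings are never reported as safe.
        return "unknown"
    major, minor, patch, suffix = m.groups()
    numeric = (int(major), int(minor), int(patch or 0))
    if numeric < FIXED:
        return "affected"
    # Assumption: a build numbered exactly 0.21.4 but not tagged "Release"
    # may predate the fix, so it is flagged for manual review.
    if numeric == FIXED and suffix and suffix.lower() != "release":
        return "review"
    return "fixed"


def audit(inventory: dict) -> dict:
    """Map each host to its classification; input is host -> version string."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "thumbnailer-01": "0.21.3-Release",
    "thumbnailer-02": "0.21.4-Release",
    "ingest-01": "0.20",
    "ingest-02": "0.21.4-Beta1",
    "legacy-01": "custom-build",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A version number alone does not show whether a distribution has backported the fix to an older package, so treat "affected" results from distribution packages as candidates to confirm against the vendor's changelog.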

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.