{"affected":[{"ecosystem_specific":{"binaries":[{"libraw16":"0.18.9-150000.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"libraw","purl":"pkg:rpm/suse/libraw&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.18.9-150000.3.30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libraw fixes the following issues:\n\n- CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp (bsc#1241643)\n- CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phase_one_correct function (bsc#1241585)\n- CVE-2025-43963: Fixed out-of-buffer access during phase_one_correct in decoders/load_mfbacks.cpp (bsc#1241642)\n- CVE-2025-43964: Fixed tag 0x412 processing in phase_one_correct  does not enforce minimum w0 and w1 values (bsc#1241584)\n","id":"SUSE-SU-2025:1569-1","modified":"2025-05-16T13:43:41Z","published":"2025-05-16T13:43:41Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20251569-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241584"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241585"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241642"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241643"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43961"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43962"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43963"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43964"}],"related":["CVE-2025-43961","CVE-2025-43962","CVE-2025-43963","CVE-2025-43964"],"summary":"Security update for libraw","upstream":["CVE-2025-43961","CVE-2025-43962","CVE-2025-43963","CVE-2025-43964"]}