Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43964
Pick the patch that is referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../libraw/libraw/CVE-2025-43964.patch | 25 +++++++++++++++++++ .../recipes-support/libraw/libraw_0.20.2.bb | 1 + 2 files changed, 26 insertions(+) create mode 100644 meta-oe/recipes-support/libraw/libraw/CVE-2025-43964.patch diff --git a/meta-oe/recipes-support/libraw/libraw/CVE-2025-43964.patch b/meta-oe/recipes-support/libraw/libraw/CVE-2025-43964.patch new file mode 100644 index 0000000000..592c2d5ea1 --- /dev/null +++ b/meta-oe/recipes-support/libraw/libraw/CVE-2025-43964.patch @@ -0,0 +1,25 @@ +From 0e068c2826ca6a70973ec2a75d05bc95b11e4977 Mon Sep 17 00:00:00 2001 +From: Alex Tutubalin <[email protected]> +Date: Sun, 2 Mar 2025 11:35:43 +0300 +Subject: [PATCH] additional checks in PhaseOne correction tag 0x412 processing + +CVE: CVE-2025-43964 +Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/decoders/load_mfbacks.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp +index 00a9bc1e..8ba791c6 100644 +--- a/src/decoders/load_mfbacks.cpp ++++ b/src/decoders/load_mfbacks.cpp +@@ -336,6 +336,8 @@ int LibRaw::phase_one_correct() + unsigned w0 = head[1] * head[3], w1 = head[2] * head[4]; + if (w0 > 10240000 || w1 > 10240000) + throw LIBRAW_EXCEPTION_ALLOC; ++ if (w0 < 1 || w1 < 1) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; + yval[0] = (float *)calloc(head[1] * head[3] + head[2] * head[4], 6); + merror(yval[0], "phase_one_correct()"); + yval[1] = (float *)(yval[0] + head[1] * head[3]); diff --git a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb index 8d82d3a49c..3ac2d3e795 100644 --- a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb +++ b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb 
@@ -6,6 +6,7 @@ SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https \ file://CVE-2023-1729.patch \ file://CVE-2025-43961-43962.patch \ file://CVE-2025-43963.patch \ + file://CVE-2025-43964.patch \ " SRCREV = "0209b6a2caec189e6d1a9b21c10e9e49f46e5a92" S = "${WORKDIR}/git"
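Review bot: In the phase_one_correct() hunk of src/decoders/load_mfbacks.cpp, the new lower-bound check validates w0 and w1, but the calloc() call and the yval[1] offset on the context lines that follow recompute head[1] * head[3] and head[2] * head[4] instead of reusing the checked values. The type of head is not visible in this hunk; if the products are evaluated in a different type than unsigned, the sizes passed to calloc() can differ from the w0 and w1 that passed both range checks. Consider allocating with `calloc(w0 + w1, 6)` and offsetting with `yval[0] + w0` so that the validated quantities are the ones actually used. This would be a change relative to the upstream commit named in Upstream-Status, so it is best raised there. A smaller style point: w0 and w1 are unsigned, so `w0 < 1 || w1 < 1` is equivalent to testing for zero, and writing `w0 == 0 || w1 == 0` would state the intent (reject an empty correction table) more directly.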
