Search CVE reports


Toggle filters

1 – 10 of 59 results


CVE-2025-43964

Medium priority
Needs evaluation

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

8 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2025-43963

Medium priority
Needs evaluation

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

8 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2025-43962

Medium priority
Needs evaluation

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

8 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2025-43961

Medium priority
Needs evaluation

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

8 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2020-22628

Medium priority

Some fixes available 2 of 53

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Not affected Not affected Fixed Not affected Not affected
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Fixed Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2023-1729

Medium priority

Some fixes available 11 of 68

A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Not affected Fixed Fixed Fixed Not affected
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Fixed Fixed Fixed Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2021-32142

Low priority

Some fixes available 9 of 66

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Not affected Not affected Fixed Not affected Not affected
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Fixed Fixed Fixed Vulnerable Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35535

Medium priority
Needs evaluation

In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Not affected Not affected Not affected Not affected Not affected
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Not affected
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35534

Medium priority
Needs evaluation

In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Not affected Not affected Not affected Not affected Not affected
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Not affected Not affected Not affected
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2020-35533

Medium priority

Some fixes available 4 of 60

In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.

9 affected packages

darktable, dcraw, digikam, exactimage, kodi...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Not affected Not affected Fixed Fixed Not affected
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Not affected Fixed Fixed Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ufraw Not in release Not in release Not in release Needs evaluation Needs evaluation
xbmc Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages