diff mbox series

[meta-oe,kirkstone,13/14] libraw: patch CVE-2025-43963

Message ID 20251128201845.2578315-13-skandigraun@gmail.com
State New
Headers show
Series [meta-multimedia,kirkstone,01/14] libde265: patch CVE-2022-1253 | expand

Commit Message

Gyorgy Sarvari Nov. 28, 2025, 8:18 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43963

Pick the patch that is referenced in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../libraw/libraw/CVE-2025-43963.patch        | 36 +++++++++++++++++++
 .../recipes-support/libraw/libraw_0.20.2.bb   |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta-oe/recipes-support/libraw/libraw/CVE-2025-43963.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/libraw/libraw/CVE-2025-43963.patch b/meta-oe/recipes-support/libraw/libraw/CVE-2025-43963.patch
new file mode 100644
index 0000000000..9e594dd110
--- /dev/null
+++ b/meta-oe/recipes-support/libraw/libraw/CVE-2025-43963.patch
@@ -0,0 +1,36 @@ 
+From 188a8ba8e1e0a7a85d04dafd867a1a069b568ed9 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Thu, 6 Feb 2025 21:01:58 +0300
+Subject: [PATCH] check split_col/split_row values in phase_one_correct
+
+CVE: CVE-2025-43963
+Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/decoders/load_mfbacks.cpp | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp
+index 2def6d6e..00a9bc1e 100644
+--- a/src/decoders/load_mfbacks.cpp
++++ b/src/decoders/load_mfbacks.cpp
+@@ -211,7 +211,8 @@ int LibRaw::phase_one_correct()
+           off_412 = ftell(ifp) - 38;
+         }
+       }
+-      else if (tag == 0x041f && !qlin_applied)
++      else if (tag == 0x041f && !qlin_applied && ph1.split_col > 0 && ph1.split_col < raw_width
++               && ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant linearization */
+         ushort lc[2][2][16], ref[16];
+         int qr, qc;
+@@ -288,7 +289,8 @@ int LibRaw::phase_one_correct()
+         }
+         qmult_applied = 1;
+       }
+-      else if (tag == 0x0431 && !qmult_applied)
++      else if (tag == 0x0431 && !qmult_applied && ph1.split_col > 0 && ph1.split_col < raw_width
++               && ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant combined */
+         ushort lc[2][2][7], ref[7];
+         int qr, qc;
diff --git a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
index 2e4ee20633..8d82d3a49c 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.20.2.bb
@@ -5,6 +5,7 @@  LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=74c9dffdc42805f9c0de2f97df6031fc"
 SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=master;protocol=https \
            file://CVE-2023-1729.patch \
            file://CVE-2025-43961-43962.patch \
+           file://CVE-2025-43963.patch \
            "
 SRCREV = "0209b6a2caec189e6d1a9b21c10e9e49f46e5a92"
 S = "${WORKDIR}/git"