USN-7485-1: LibRaw vulnerabilities
Ubuntu ServerCanonical
Update from:USN-7485-1: LibRaw vulnerabilities
6 May 2025
LibRaw could be made to crash if it received specially crafted input.
Releases
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 ESM
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
libraw - raw image decoder library
Details
It was discovered that LibRaw could be made to read out of bounds. An
attacker could possibly use this issue to cause applications using LibRaw
to crash, resulting in a denial of service. (CVE-2025-43961,
CVE-2025-43962, CVE-2025-43963, CVE-2025-43964)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 25.04
- libraw-bin - 0.21.3-1ubuntu0.25.04.1
- libraw23t64 - 0.21.3-1ubuntu0.25.04.1
Ubuntu 24.10 - libraw-bin - 0.21.2-2.1ubuntu0.24.10.1
- libraw23t64 - 0.21.2-2.1ubuntu0.24.10.1
Ubuntu 24.04 - libraw-bin - 0.21.2-2.1ubuntu0.24.04.1
- libraw23t64 - 0.21.2-2.1ubuntu0.24.04.1
Ubuntu 22.04 - libraw-bin - 0.20.2-2ubuntu2.22.04.2
- libraw20 - 0.20.2-2ubuntu2.22.04.2
Ubuntu 20.04 - libraw-bin - 0.19.5-1ubuntu1.4
- libraw19 - 0.19.5-1ubuntu1.4
Ubuntu 18.04 - libraw-bin - 0.18.8-1ubuntu0.4+esm1
- Available with Ubuntu Pro
- libraw16 - 0.18.8-1ubuntu0.4+esm1
- Available with Ubuntu Pro
Ubuntu 16.04 - libraw-bin - 0.17.1-1ubuntu0.5+esm1
- Available with Ubuntu Pro
- libraw15 - 0.17.1-1ubuntu0.5+esm1
- Available with Ubuntu Pro
After a standard system update you need to restart your session to make all
the necessary changes.
