Overview

File libraw-CVE-2025-43964.patch of Package libraw.38394

Index: LibRaw-0.15.4/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.15.4.orig/internal/dcraw_common.cpp
+++ LibRaw-0.15.4/internal/dcraw_common.cpp
@@ -1550,6 +1550,8 @@ void CLASS phase_one_correct()
     unsigned w0 = head[1] * head[3], w1 = head[2] * head[4];
     if (w0 > 10240000 || w1 > 10240000)
        throw LIBRAW_EXCEPTION_ALLOC;
+    if (w0 < 1 || w1 < 1)
+       throw LIBRAW_EXCEPTION_IO_CORRUPT;
     yval[0] = (float *) calloc (head[1]*head[3] + head[2]*head[4], 6);
     merror (yval[0], "phase_one_correct()");
     yval[1] = (float  *) (yval[0] + head[1]*head[3]);
openSUSE Build Service is sponsored by
Places