Overview

File libraw-CVE-2025-43964.patch of Package libraw.38397

Index: LibRaw-0.18.9/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.18.9.orig/internal/dcraw_common.cpp
+++ LibRaw-0.18.9/internal/dcraw_common.cpp
@@ -1807,6 +1807,8 @@ int CLASS phase_one_correct()
     unsigned w0 = head[1] * head[3], w1 = head[2] * head[4];
     if (w0 > 10240000 || w1 > 10240000)
        throw LIBRAW_EXCEPTION_ALLOC;
+    if (w0 < 1 || w1 < 1)
+       throw LIBRAW_EXCEPTION_IO_CORRUPT;
     yval[0] = (float *) calloc (head[1]*head[3] + head[2]*head[4], 6);
     merror (yval[0], "phase_one_correct()");
     yval[1] = (float  *) (yval[0] + head[1]*head[3]);
openSUSE Build Service is sponsored by
Places