File libraw-CVE-2025-43961.patch of Package libraw.38396

Index: LibRaw-0.20.2/src/metadata/tiff.cpp
===================================================================
--- LibRaw-0.20.2.orig/src/metadata/tiff.cpp
+++ LibRaw-0.20.2/src/metadata/tiff.cpp
@@ -980,18 +980,21 @@ int LibRaw::parse_tiff_ifd(int base)
               if ((fwb[0] == rafdata[fi]) && (fwb[1] == rafdata[fi + 1]) &&
                   (fwb[2] == rafdata[fi + 2]))
               {
-                if (rafdata[fi - 15] !=
+                if (fi > 14 && rafdata[fi - 15] !=
                     fwb[0]) // 15 is offset of Tungsten WB from the first
                             // preset, Fine Weather WB
                   continue;
-                for (int wb_ind = 0, ofst = fi - 15; wb_ind < Fuji_wb_list1.size();
-                     wb_ind++, ofst += 3)
-                {
-                  icWBC[Fuji_wb_list1[wb_ind]][1] =
-                      icWBC[Fuji_wb_list1[wb_ind]][3] = rafdata[ofst];
-                  icWBC[Fuji_wb_list1[wb_ind]][0] = rafdata[ofst + 1];
-                  icWBC[Fuji_wb_list1[wb_ind]][2] = rafdata[ofst + 2];
-                }
+				if (fi >= 15)
+				{
+					for (int wb_ind = 0, ofst = fi - 15; wb_ind < Fuji_wb_list1.size();
+						wb_ind++, ofst += 3)
+					{
+						icWBC[Fuji_wb_list1[wb_ind]][1] =
+							icWBC[Fuji_wb_list1[wb_ind]][3] = rafdata[ofst];
+						icWBC[Fuji_wb_list1[wb_ind]][0] = rafdata[ofst + 1];
+						icWBC[Fuji_wb_list1[wb_ind]][2] = rafdata[ofst + 2];
+					}
+				}
 
                 if ((imFuji.RAFDataVersion == 0x0260) || // X-Pro3
                     (imFuji.RAFDataVersion == 0x0261) || // X100V
@@ -1000,16 +1003,19 @@ int LibRaw::parse_tiff_ifd(int base)
                 fi += 96;
                 for (fj = fi; fj < (fi + 15); fj += 3)
                 {
+					if (fj > libraw_internal_data.unpacker_data.lenRAFData - 3)
+						break;
                   if (rafdata[fj] != rafdata[fi])
                   {
                     fj -= 93;
 // X-Pro3 has 34 CCT values instead of 31, manual still clames 2500 to 10000 K
 // aligned 3000 K to Incandescent, as it is usual w/ other Fujifilm cameras
-                    if ((imFuji.RAFDataVersion == 0x0260) || // X-Pro3
+                    if ((imFuji.RAFDataVersion == 0x0260) || //X-Pro3
                         (imFuji.RAFDataVersion == 0x0261) || // X100V
                         (imFuji.RAFDataVersion == 0x0262))   // X-T4
                       fj -= 9;
-                    for (int iCCT = 0, ofst = fj; iCCT < 31;
+                    for (int iCCT = 0, ofst = fj; iCCT < 31 
+						&& ofst < libraw_internal_data.unpacker_data.lenRAFData - 3;
                          iCCT++, ofst += 3)
                     {
                       icWBCCTC[iCCT][0] = FujiCCT_K[iCCT];