diff --git a/meta-oe/recipes-support/libraw/libraw/0003-CVE-2025-43964.patch b/meta-oe/recipes-support/libraw/libraw/0003-CVE-2025-43964.patch new file mode 100644 index 0000000000..d7d7664da3 --- /dev/null +++ b/meta-oe/recipes-support/libraw/libraw/0003-CVE-2025-43964.patch @@ -0,0 +1,29 @@ +From 0ecd9906f70114a974809bb35b4ec9fe7fed9011 Mon Sep 17 00:00:00 2001 +From: Alex Tutubalin +Date: Sun, 2 Mar 2025 11:35:43 +0300 +Subject: [PATCH] CVE-2025-43964 + +additional checks in PhaseOne correction tag 0x412 processing + +CVE: CVE-2025-43964 +Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0] + +(cherry picked from commit a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0) +Signed-off-by: Ankur Tyagi +--- + src/decoders/load_mfbacks.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp +index f89aecce..95015d27 100644 +--- a/src/decoders/load_mfbacks.cpp ++++ b/src/decoders/load_mfbacks.cpp +@@ -495,6 +495,8 @@ int LibRaw::phase_one_correct() + unsigned w0 = head[1] * head[3], w1 = head[2] * head[4]; + if (w0 > 10240000 || w1 > 10240000) + throw LIBRAW_EXCEPTION_ALLOC; ++ if (w0 < 1 || w1 < 1) ++ throw LIBRAW_EXCEPTION_IO_CORRUPT; + yval[0] = (float *)calloc(head[1] * head[3] + head[2] * head[4], 6); + yval[1] = (float *)(yval[0] + head[1] * head[3]); + xval[0] = (ushort *)(yval[1] + head[2] * head[4]); diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb index 36b783b310..eb60f7a29a 100644 --- a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb +++ b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb @@ -6,6 +6,7 @@ SRC_URI = " \ git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https \ file://0001-CVE-2025-43961-CVE-2025-43962.patch \ file://0002-CVE-2025-43963.patch \ + file://0003-CVE-2025-43964.patch \ " SRCREV = "1ef70158d7fde1ced6aaddb0b9443c32a7121d3d" S = "${WORKDIR}/git"