==========================================================================
Ubuntu Security Notice USN-7485-1
May 06, 2025

libraw vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

LibRaw could be made to crash if it received specially crafted input.

Software Description:
- libraw: raw image decoder library

Details:

It was discovered that LibRaw could be made to read out of bounds. An
attacker could possibly use this issue to cause applications using LibRaw
to crash, resulting in a denial of service. (CVE-2025-43961,
CVE-2025-43962, CVE-2025-43963, CVE-2025-43964)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libraw-bin                      0.21.3-1ubuntu0.25.04.1
  libraw23t64                     0.21.3-1ubuntu0.25.04.1

Ubuntu 24.10
  libraw-bin                      0.21.2-2.1ubuntu0.24.10.1
  libraw23t64                     0.21.2-2.1ubuntu0.24.10.1

Ubuntu 24.04 LTS
  libraw-bin                      0.21.2-2.1ubuntu0.24.04.1
  libraw23t64                     0.21.2-2.1ubuntu0.24.04.1

Ubuntu 22.04 LTS
  libraw-bin                      0.20.2-2ubuntu2.22.04.2
  libraw20                        0.20.2-2ubuntu2.22.04.2

Ubuntu 20.04 LTS
  libraw-bin                      0.19.5-1ubuntu1.4
  libraw19                        0.19.5-1ubuntu1.4

Ubuntu 18.04 LTS
  libraw-bin                      0.18.8-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro
  libraw16                        0.18.8-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libraw-bin                      0.17.1-1ubuntu0.5+esm1
                                  Available with Ubuntu Pro
  libraw15                        0.17.1-1ubuntu0.5+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7485-1
  CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964

Package Information:
https://launchpad.net/ubuntu/+source/libraw/0.21.3-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/libraw/0.21.2-2.1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/libraw/0.21.2-2.1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libraw/0.20.2-2ubuntu2.22.04.2
  https://launchpad.net/ubuntu/+source/libraw/0.19.5-1ubuntu1.4