CVE-2025-43964 – LibRaw Unvalidated Memory Access Vulnerability

CVE ID : CVE-2025-43964

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43966 – Libheif NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-43966

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43967 – Libheif NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-43967

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43963 – LibRaw Out-of-Bounds Access Vulnerability

CVE ID : CVE-2025-43963

Published : April 21, 2025, 12:15 a.m. | 2 hours ago

Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

Severity: 2.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43971 – GoBGP Zero-Value Software Version Len Panic

CVE ID : CVE-2025-43971

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43970 – GoBGP MRT Length Validation Buffer Overflow

CVE ID : CVE-2025-43970

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g.. by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43972 – GoBGP FlowSpec Parser Denial of Service

CVE ID : CVE-2025-43972

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43973 – GoBGP Buffer Overflow Vulnerability

CVE ID : CVE-2025-43973

Published : April 21, 2025, 1:15 a.m. | 1 hour ago

Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…