CVE-2025-43961: 
NixOS vulnerability analysis and mitigation

CVE-2025-43961 is a security vulnerability discovered in LibRaw versions before 0.21.4, affecting the metadata/tiff.cpp component. The vulnerability was disclosed on April 20, 2025, and involves an out-of-bounds read vulnerability in the Fujifilm 0xf00c tag parser (NVD, RedHat).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) with a CVSS 3.1 Base Score of 2.9 (LOW), and vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. This indicates a local attack vector with high attack complexity, requiring no privileges or user interaction, and potentially resulting in low availability impact (NVD).

The vulnerability's impact is primarily focused on system availability, with no direct impact on confidentiality or integrity. The low CVSS score suggests minimal overall impact, though it could potentially affect systems processing Fujifilm raw image files (RedHat).

The vulnerability has been fixed in LibRaw version 0.21.4. Various Linux distributions have released security updates, including Debian which fixed the issue in version 0.20.2-1+deb11u2 for the bullseye release. Red Hat has deferred fixes for affected versions in RHEL 6, 7, 8, and 9 (Debian Tracker, RedHat).