The following vulnerability was published for libraw.
CVE-2025-43963[0]:
| In LibRaw before 0.21.4, phase_one_correct in
| decoders/load_mfbacks.cpp allows out-of-buffer access because
| split_col and split_row values are not checked in 0x041f tag
| processing.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.