Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:19156

Опубликовано: 02 нояб. 2025
Источник: rocky
Оценка: Important

Описание

Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • libtiff: Libtiff Write-What-Where (CVE-2025-9900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
libtiffx86_646.el10_0.1libtiff-4.6.0-6.el10_0.1.x86_64.rpm
libtiff-develx86_646.el10_0.1libtiff-devel-4.6.0-6.el10_0.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-9900

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-9900

CVSS3: 8.8
ubuntu
около 2 месяцев назад

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

redhat логотип

CVE-2025-9900

CVSS3: 8.8
redhat
около 2 месяцев назад

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

nvd логотип

CVE-2025-9900

CVSS3: 8.8
nvd
около 2 месяцев назад

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

msrc логотип

CVE-2025-9900

CVSS3: 8.8
msrc
около 1 месяца назад

Libtiff: libtiff write-what-where

debian логотип

CVE-2025-9900

CVSS3: 8.8
debian
около 2 месяцев назад

A flaw was found in Libtiff. This vulnerability is a "write-what-where ...