Описание
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413).
Список пакетов
Container private-registry/harbor-nginx:latest
libtiff5-4.0.9-150000.45.60.1
Container private-registry/harbor-portal:latest
libtiff5-4.0.9-150000.45.60.1
SUSE Enterprise Storage 7.1
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise Micro 5.2
libtiff5-4.0.9-150000.45.60.1
SUSE Linux Enterprise Micro 5.3
libtiff5-4.0.9-150000.45.60.1
SUSE Linux Enterprise Micro 5.4
libtiff5-4.0.9-150000.45.60.1
SUSE Linux Enterprise Micro 5.5
libtiff5-4.0.9-150000.45.60.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Manager Proxy LTS 4.3
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
SUSE Manager Server LTS 4.3
libtiff-devel-4.0.9-150000.45.60.1
libtiff5-4.0.9-150000.45.60.1
libtiff5-32bit-4.0.9-150000.45.60.1
Ссылки
- Link for SUSE-SU-2025:3941-1
- E-Mail link for SUSE-SU-2025:3941-1
- SUSE Security Ratings
- SUSE Bug 1250413
- SUSE CVE CVE-2025-9900 page
Описание
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Затронутые продукты
Container private-registry/harbor-nginx:latest:libtiff5-4.0.9-150000.45.60.1
Container private-registry/harbor-portal:latest:libtiff5-4.0.9-150000.45.60.1
SUSE Enterprise Storage 7.1:libtiff-devel-4.0.9-150000.45.60.1
SUSE Enterprise Storage 7.1:libtiff5-32bit-4.0.9-150000.45.60.1
Ссылки
- CVE-2025-9900
- SUSE Bug 1250404