Описание
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413).
Список пакетов
Image SLES12-SP5-Azure-SAP-BYOS
libtiff5-4.0.9-44.97.1
SUSE Linux Enterprise Server 12 SP5-LTSS
libtiff-devel-4.0.9-44.97.1
libtiff5-4.0.9-44.97.1
libtiff5-32bit-4.0.9-44.97.1
tiff-4.0.9-44.97.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libtiff-devel-4.0.9-44.97.1
libtiff5-4.0.9-44.97.1
libtiff5-32bit-4.0.9-44.97.1
tiff-4.0.9-44.97.1
Ссылки
- Link for SUSE-SU-2025:3961-1
- E-Mail link for SUSE-SU-2025:3961-1
- SUSE Security Ratings
- SUSE Bug 1250413
- SUSE CVE CVE-2025-9900 page
Описание
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Затронутые продукты
Image SLES12-SP5-Azure-SAP-BYOS:libtiff5-4.0.9-44.97.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libtiff-devel-4.0.9-44.97.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libtiff5-32bit-4.0.9-44.97.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libtiff5-4.0.9-44.97.1
Ссылки
- CVE-2025-9900
- SUSE Bug 1250404