ALT-PU-2025-11952-2
Closed vulnerabilities
Modified: 2025-09-11
CVE-2025-8961
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.
- http://www.libtiff.org/
- https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing
- https://gitlab.com/libtiff/libtiff/-/issues/721
- https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960
- https://vuldb.com/?ctiid.319955
- https://vuldb.com/?id.319955
- https://vuldb.com/?submit.627957
Modified: 2025-10-13
CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
- https://access.redhat.com/errata/RHSA-2025:17651
- https://access.redhat.com/errata/RHSA-2025:17675
- https://access.redhat.com/errata/RHSA-2025:17710
- https://access.redhat.com/errata/RHSA-2025:17738
- https://access.redhat.com/errata/RHSA-2025:17739
- https://access.redhat.com/errata/RHSA-2025:17740
- https://access.redhat.com/security/cve/CVE-2025-9900
- https://bugzilla.redhat.com/show_bug.cgi?id=2392784
- https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file
- https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file