ALT-PU-2025-12003-1
Package libtiff5 updated to version 4.4.0-alt8 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2025-08-14
Modified: 2025-09-11
Modified: 2025-09-11
CVE-2025-8961
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.
Severity: LOW (1.7)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P
Severity: LOW (3.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM (4.8)
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:
- http://www.libtiff.org/
- https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing
- https://gitlab.com/libtiff/libtiff/-/issues/721
- https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960
- https://vuldb.com/?ctiid.319955
- https://vuldb.com/?id.319955
- https://vuldb.com/?submit.627957