libtiff-4.0.3-35.0.4.el7.AXS7

エラータID: AXSA:2025-10924:03

Release date: 
Monday, October 6, 2025 - 10:07
Subject: 
libtiff-4.0.3-35.0.4.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

Security Fix(es):

* CVE-2025-8176: fix use after free in tools/tiffmedian.c
* CVE-2025-8177: fix buffer overflow in tools/thumbnail.c

CVE(s):
CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

Solution: 

Update packages.

CVEs: 
CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. libtiff-4.0.3-35.0.4.el7.AXS7.i686.rpm
    MD5: 6bd5fabee798b97da9c46f46a2c0cd9a
    SHA-256: 5a03c86a96cc80df8ce9e3b1cfcdaa8131d9f920bbec2b9d1d8868071db0e0b8
    Size: 176.32 kB
  2. libtiff-4.0.3-35.0.4.el7.AXS7.x86_64.rpm
    MD5: f809e5347a23876c076252d54e56fae5
    SHA-256: e1da75778d089ad537675aed0ef6e7c002a3a075e1980345ddf4382f90328152
    Size: 173.34 kB
  3. libtiff-devel-4.0.3-35.0.4.el7.AXS7.i686.rpm
    MD5: af8b43117a46000ae4512858300a1359
    SHA-256: c81885e9b3d08ac0f4680691f571e42747581dcab38ae4575225342ce0811f61
    Size: 474.81 kB
  4. libtiff-devel-4.0.3-35.0.4.el7.AXS7.x86_64.rpm
    MD5: f990ffc127dbb7a348a8da7fe5f67083
    SHA-256: 6b06e58f1b030fe61e05eee3918d27ad0e478aaa1a6e0dbf42f1c538598e1036
    Size: 474.79 kB