libtiff-4.0.9-35.el8_10

エラータID: AXSA:2025-11011:06

Release date: 
Tuesday, November 4, 2025 - 12:01
Subject: 
libtiff-4.0.9-35.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: Libtiff Write-What-Where (CVE-2025-9900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

Solution: 

Update packages.

CVEs: 
CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Additional Info: 

N/A

Download: 

SRPMS
  1. libtiff-4.0.9-35.el8_10.src.rpm
    MD5: a791e7e430ddc6eced6a87d0813e9c67
    SHA-256: 2e6496ea9120a6acdada764f93d72ed59385f89bc736406a83fdcd29afdc51de
    Size: 2.28 MB

Asianux Server 8 for x86_64
  1. libtiff-4.0.9-35.el8_10.i686.rpm
    MD5: 532522304dd5204dcc8cab99f9a38279
    SHA-256: 78a3eceede6d195462425ae6dd8f574c772c1c74c31a766fe83b81730c56b019
    Size: 204.27 kB
  2. libtiff-4.0.9-35.el8_10.x86_64.rpm
    MD5: 4a942ccb2f5f8ee8039a9eefefe5ad0f
    SHA-256: 7dc653795971e702a364bc0d1b3815df87558e604b2627c144e9dd76e56f9c0c
    Size: 189.62 kB
  3. libtiff-devel-4.0.9-35.el8_10.i686.rpm
    MD5: 6696a32fd7aec0182e777cb84a0fe6d8
    SHA-256: de9635c49558dafdae40a22b4d7bd87af77035c9f325d56df801f9178d44796c
    Size: 512.13 kB
  4. libtiff-devel-4.0.9-35.el8_10.x86_64.rpm
    MD5: 0507eefb14235f8aeb4f2d31754dc0e8
    SHA-256: 5972e972564a112efaea5aeb0943eec7be0a4e004edda4d76d8f3cfce33ed5ae
    Size: 512.13 kB
  5. libtiff-tools-4.0.9-35.el8_10.x86_64.rpm
    MD5: 91a78674d0a2d79aaca63b3250098e3f
    SHA-256: d6f7493fe19e7f063282fc19979bd5adc24da148b1bc3f496b841795a77aaf0e
    Size: 255.66 kB