libtiff-4.0.3-35.0.4.el7.AXS7
エラータID: AXSA:2025-10924:03
リリース日:
2025/10/06 Monday - 10:07
題名:
libtiff-4.0.3-35.0.4.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libtiff には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-8176)
- libtiff には、バッファオーバーフローの問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-8177)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- libtiff-4.0.3-35.0.4.el7.AXS7.i686.rpm
MD5: 6bd5fabee798b97da9c46f46a2c0cd9a
SHA-256: 5a03c86a96cc80df8ce9e3b1cfcdaa8131d9f920bbec2b9d1d8868071db0e0b8
Size: 176.32 kB - libtiff-4.0.3-35.0.4.el7.AXS7.x86_64.rpm
MD5: f809e5347a23876c076252d54e56fae5
SHA-256: e1da75778d089ad537675aed0ef6e7c002a3a075e1980345ddf4382f90328152
Size: 173.34 kB - libtiff-devel-4.0.3-35.0.4.el7.AXS7.i686.rpm
MD5: af8b43117a46000ae4512858300a1359
SHA-256: c81885e9b3d08ac0f4680691f571e42747581dcab38ae4575225342ce0811f61
Size: 474.81 kB - libtiff-devel-4.0.3-35.0.4.el7.AXS7.x86_64.rpm
MD5: f990ffc127dbb7a348a8da7fe5f67083
SHA-256: 6b06e58f1b030fe61e05eee3918d27ad0e478aaa1a6e0dbf42f1c538598e1036
Size: 474.79 kB
English