compat-libtiff3-3.9.4-14.el8_10
Errata ID: AXSA:2025-10953:01
Release date:
2025/10/14 Tuesday - 16:56
Title:
compat-libtiff3-3.9.4-14.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
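The following issues have been addressed.
[Security Fix]
- compat-libtiff3 and mingw-libtiff contain a flaw that allows color data to be written over an arbitrary memory region. As a result, a remote attacker can execute arbitrary code or cause a denial of service through the processing of a TIFF file whose metadata has been crafted to specify an abnormally large image height. (CVE-2025-9900)
Solution:
Update the packages.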
CVE:
CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Additional information:
N/A
Downloads:
SRPMS
- compat-libtiff3-3.9.4-14.el8_10.src.rpm
MD5: 471d040ce54da1f6344dc26824dcb13d
SHA-256: 4ce8563c78938758c65e766ba5889e9507862cc9493e0250a09c6dc6c827ca22
Size: 1.41 MB
Asianux Server 8 for x86_64
- compat-libtiff3-3.9.4-14.el8_10.i686.rpm
MD5: fd0968c891ff9322f08bfc4909132011
SHA-256: 5aea737e0643df50186d6751ea40e13a75e099e848e3a658c39fc5544fd438cb
Size: 149.94 kB
- compat-libtiff3-3.9.4-14.el8_10.x86_64.rpm
MD5: 2aece6816d6a8792a052a65245a040fe
SHA-256: 04f8cb5d13c3ac128c9cec44a3bdf74f9944f9d088230206f92569ca01fc96df
Size: 142.60 kB