libtiff-4.4.0-13.el9_6.2

エラータID: AXSA:2025-11001:05

リリース日: 
2025/10/29 Wednesday - 11:07
題名: 
libtiff-4.4.0-13.el9_6.2
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)
* libtiff: Libtiff Write-What-Where (CVE-2025-9900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

解決策: 

Update packages.

CVE: 
CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. libtiff-4.4.0-13.el9_6.2.src.rpm
    MD5: f9f8c9aa5580cf55bc37b26dff1eb44c
    SHA-256: 9dac3927a7b6930db233fb2e86d9084046b3cd156b1b912a7335d9d5a98972a8
    Size: 2.76 MB

Asianux Server 9 for x86_64
  1. libtiff-4.4.0-13.el9_6.2.i686.rpm
    MD5: 15b284afe0c065af6ec81a53be972c92
    SHA-256: f7e4a1e68dc54376d622dc8fc9d45528511dba8252675ddbedaa79d213105677
    Size: 213.66 kB
  2. libtiff-4.4.0-13.el9_6.2.x86_64.rpm
    MD5: c94e5e524958a5d752b01f49f2ccde45
    SHA-256: 9f194ac0a6a1dc9bbf26e6e081b4c115c63990984cf72d34ec0c1512f3fa7240
    Size: 196.02 kB
  3. libtiff-devel-4.4.0-13.el9_6.2.i686.rpm
    MD5: 9f2e02c6c007b278345d1424067b9d0c
    SHA-256: 511a077d3deabb063605e5c37ba1898a6512139cb587f6aacf96ea39f07a0c16
    Size: 557.44 kB
  4. libtiff-devel-4.4.0-13.el9_6.2.x86_64.rpm
    MD5: 967ac8e2bdc64cdfb745a2c0c5325c15
    SHA-256: 20a4b96b597394bc2f0e9d7e87b3097e25da9606433e39df456c9c352547a9e6
    Size: 557.48 kB
  5. libtiff-tools-4.4.0-13.el9_6.2.x86_64.rpm
    MD5: fd1cb32afbf6e86b0acda62296bf468d
    SHA-256: ce84d5cd124259d0bf98234759142659430e28fd2d5671967d0b448d8f7a814c
    Size: 246.98 kB