libtiff-4.0.9-35.el8_10
エラータID: AXSA:2025-11011:06
リリース日:
2025/11/04 Tuesday - 12:01
題名:
libtiff-4.0.9-35.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- compat-libtiff3 および mingw-libtiff には、カラー情報のデータ
を任意のメモリ領域に上書きできてしまう問題があるため、リモートの
攻撃者により、巨大な高さのサイズを持つように巧妙に細工されたメタ
データ情報を持つ LIFF 形式のファイルの処理を介して、任意のコード
の実行、およびサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-9900)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
追加情報:
N/A
ダウンロード:
SRPMS
- libtiff-4.0.9-35.el8_10.src.rpm
MD5: a791e7e430ddc6eced6a87d0813e9c67
SHA-256: 2e6496ea9120a6acdada764f93d72ed59385f89bc736406a83fdcd29afdc51de
Size: 2.28 MB
Asianux Server 8 for x86_64
- libtiff-4.0.9-35.el8_10.i686.rpm
MD5: 532522304dd5204dcc8cab99f9a38279
SHA-256: 78a3eceede6d195462425ae6dd8f574c772c1c74c31a766fe83b81730c56b019
Size: 204.27 kB - libtiff-4.0.9-35.el8_10.x86_64.rpm
MD5: 4a942ccb2f5f8ee8039a9eefefe5ad0f
SHA-256: 7dc653795971e702a364bc0d1b3815df87558e604b2627c144e9dd76e56f9c0c
Size: 189.62 kB - libtiff-devel-4.0.9-35.el8_10.i686.rpm
MD5: 6696a32fd7aec0182e777cb84a0fe6d8
SHA-256: de9635c49558dafdae40a22b4d7bd87af77035c9f325d56df801f9178d44796c
Size: 512.13 kB - libtiff-devel-4.0.9-35.el8_10.x86_64.rpm
MD5: 0507eefb14235f8aeb4f2d31754dc0e8
SHA-256: 5972e972564a112efaea5aeb0943eec7be0a4e004edda4d76d8f3cfce33ed5ae
Size: 512.13 kB - libtiff-tools-4.0.9-35.el8_10.x86_64.rpm
MD5: 91a78674d0a2d79aaca63b3250098e3f
SHA-256: d6f7493fe19e7f063282fc19979bd5adc24da148b1bc3f496b841795a77aaf0e
Size: 255.66 kB
English