mingw-libtiff-4.0.9-3.el8_10
Errata ID: AXSA:2025-11059:01
Release date:
2025/11/10 Monday - 17:38
Title:
mingw-libtiff-4.0.9-3.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
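The following items have been addressed.
[Security Fix]
- libtiff has a use-after-free issue in a memory region, which allows a
local attacker to cause information disclosure, data corruption, and
denial of service. (CVE-2025-8176)
- compat-libtiff3 and mingw-libtiff have an issue in which color data can
overwrite arbitrary memory regions, which allows a remote attacker to
execute arbitrary code or cause denial of service via the processing of
a TIFF file whose metadata is crafted to declare an extremely large
image height. (CVE-2025-9900)
Solution:
Update the packages.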
CVE:
CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Additional information:
N/A
Downloads:
SRPMS
- mingw-libtiff-4.0.9-3.el8_10.src.rpm
MD5: cf789664b9520e45a2acd2c627bb295d
SHA-256: 8eb3b2989cb9ebe1bcf80127902cf42a5ec8a3c544c56b6eccf48d29979e2a3a
Size: 2.27 MB
Asianux Server 8 for x86_64
- mingw32-libtiff-4.0.9-3.el8_10.noarch.rpm
MD5: 984c9fe2e782ed4337885e216a67a4d5
SHA-256: 2fc84fbafad52ad5dfa9f45a7a75af5f6523eb49ead8de54def4d1da86841497
Size: 268.86 kB
- mingw32-libtiff-static-4.0.9-3.el8_10.noarch.rpm
MD5: c74369ec1d5ac4370446612ccb145b41
SHA-256: 121b2806d30763f825e812b3e09961723ed8be60e82d29e83d33f3286bb138d8
Size: 168.86 kB
- mingw64-libtiff-4.0.9-3.el8_10.noarch.rpm
MD5: 35aea87f449686160c37ff4fc941c205
SHA-256: c3f022fcbf195e755db6d7af323dc06d3640099c1d578b12d27e4cd9b2dba96c
Size: 268.42 kB
- mingw64-libtiff-static-4.0.9-3.el8_10.noarch.rpm
MD5: 15bd7c690721ab37022d2a2653a9dce0
SHA-256: 9d59810ef7d86d1aa5f9818f2848cfa78f452ec2d5495390fa33d12f43967277
Size: 174.79 kB