CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Vendor
-
Product
-
CWE
Published
2025-09-23 17:15:38
Updated
2026-02-27 16:16:22
Source Identifier
secalert@redhat.com
KEV Date Added
-
Categories
References
https://access.redhat.com/errata/RHSA-2025:17651
https://access.redhat.com/errata/RHSA-2025:17675
https://access.redhat.com/errata/RHSA-2025:17710
https://access.redhat.com/errata/RHSA-2025:17738
https://access.redhat.com/errata/RHSA-2025:17739
https://access.redhat.com/errata/RHSA-2025:17740
https://access.redhat.com/errata/RHSA-2025:19113
https://access.redhat.com/errata/RHSA-2025:19156
https://access.redhat.com/errata/RHSA-2025:19276
https://access.redhat.com/errata/RHSA-2025:19906
https://access.redhat.com/errata/RHSA-2025:19947
https://access.redhat.com/errata/RHSA-2025:20956
https://access.redhat.com/errata/RHSA-2025:20998
https://access.redhat.com/errata/RHSA-2025:21060
https://access.redhat.com/errata/RHSA-2025:21061
https://access.redhat.com/errata/RHSA-2025:21062
https://access.redhat.com/errata/RHSA-2025:21407
https://access.redhat.com/errata/RHSA-2025:21506
https://access.redhat.com/errata/RHSA-2025:21507
https://access.redhat.com/errata/RHSA-2025:21508
https://access.redhat.com/errata/RHSA-2025:21994
https://access.redhat.com/errata/RHSA-2025:23078
https://access.redhat.com/errata/RHSA-2025:23079
https://access.redhat.com/errata/RHSA-2025:23080
https://access.redhat.com/errata/RHSA-2026:0001
https://access.redhat.com/errata/RHSA-2026:0076
https://access.redhat.com/errata/RHSA-2026:0077
https://access.redhat.com/errata/RHSA-2026:0078
https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/security/cve/CVE-2025-9900
https://bugzilla.redhat.com/show_bug.cgi?id=2392784
https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file
https://gitlab.com/libtiff/libtiff/-/issues/704
https://gitlab.com/libtiff/libtiff/-/merge_requests/732
https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html
http://www.openwall.com/lists/oss-security/2025/09/26/3
https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html