Synopsis:
libtiff security updateSummary:
An update for libtiff is now available for openEuler-22.03-LTS-SP3Description:
This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.
Security Fix(es):
LibTIFF is a library for reading and writing TIFF (label image file format) files that are open source. This library contains some command-line tools for handling TIFF files. There is a security vulnerability in the 4.6.0 version of LibTIFF, which originates from the dereference of the null pointer of the function PS_Lvl2page in the file tools/tiff2ps.c.(CVE-2025-8534)
A vulnerability was found in LibTIFF up to 4.5.1 (Image Processing Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).Impacted is confidentiality, integrity, and availability.Applying the patch 8a7a48d7a645992ca83062b3a1873c951661e2b3 is able to eliminate this problem. The bugfix is ready for download at gitlab.com.(CVE-2025-8851)Topic:
An update for libtiff is now available for openEuler-22.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
MediumAffected Component:
libtiff
4.3.0-42.oe2203sp34.3.0-42.oe2203sp34.3.0-42.oe2203sp34.3.0-42.oe2203sp34.3.0-42.oe2203sp34.3.0-42.oe2203sp34.3.0-42.oe2203sp3Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:LI:LA:L5.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L