CVE-2025-9900
Libtiff: libtiff write-what-where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
libtiffRed Hat · Red Hat AI Inference Server 3.2Red Hat · Red Hat Discovery 2Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat · Red Hat Hardened ImagesQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2025:17651https://access.redhat.com/errata/RHSA-2025:17675https://access.redhat.com/errata/RHSA-2025:17710https://access.redhat.com/errata/RHSA-2025:17738https://access.redhat.com/errata/RHSA-2025:17739https://access.redhat.com/errata/RHSA-2025:17740https://access.redhat.com/errata/RHSA-2025:19113https://access.redhat.com/errata/RHSA-2025:19156https://access.redhat.com/errata/RHSA-2025:19276https://access.redhat.com/errata/RHSA-2025:19906https://access.redhat.com/errata/RHSA-2025:19947https://access.redhat.com/errata/RHSA-2025:20956