tiff: fix CVE-2025-8177

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-8177 Upstream patch: https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1 (From OE-Core rev: fbf3238630c104c9e17d6e902986358cea5986ff) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Yogita Urade <yogita.urade@windriver.com> 2025-08-06 17:54:13 +0530
committer: Steve Sakoman <steve@sakoman.com> 2025-08-18 13:18:01 -0700
commit: dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5 (patch)
tree: bd3bc3e39cfd046afae252753df7233337094b59
parent: c2581b7811559bd2220b1d06c027ff612e5295e9 (diff)
download: poky-dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5.tar.gz
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch
new file mode 100644
index 0000000000..30dbccd94f
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch
@@ -0,0 +1,35 @@
+From e8de4dc1f923576dce9d625caeebd93f9db697e1 Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Wed, 25 Jun 2025 17:14:18 +0000
+Subject: [PATCH] Fix for thumbnail issue #715
+CVE: CVE-2025-8177
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ tools/thumbnail.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+diff --git a/tools/thumbnail.c b/tools/thumbnail.c
+index 274705d..8960d36 100644
+--- a/tools/thumbnail.c
+++ b/tools/thumbnail.c
+@@ -538,7 +538,15 @@ setrow(uint8_t* row, uint32_t nrows, const uint8_t* rows[])
+            }
+            acc += bits[*src & mask1];
+        }
+       if (255 * acc / area < 256)
+        {
+        *row++ = cmap[(255*acc)/area];
+        }
+       else
+        {
+            fprintf(stderr, "acc=%d, area=%d\n", acc, area);
+            *row++ = cmap[0];
+        }
+     }
+ }
+--
+2.40.0
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 6ff31bd0bb..4c9c212312 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -58,6 +58,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
           file://CVE-2025-8176-0001.patch \
           file://CVE-2025-8176-0002.patch \
           file://CVE-2025-8176-0003.patch \
+           file://CVE-2025-8177.patch \
           "
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
author	Yogita Urade <yogita.urade@windriver.com>	2025-08-06 17:54:13 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-08-18 13:18:01 -0700
commit	dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5 (patch)
tree	bd3bc3e39cfd046afae252753df7233337094b59
parent	c2581b7811559bd2220b1d06c027ff612e5295e9 (diff)
download	poky-dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch new file mode 100644 index 0000000000..30dbccd94f --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch
@@ -0,0 +1,35 @@
		1	From e8de4dc1f923576dce9d625caeebd93f9db697e1 Mon Sep 17 00:00:00 2001
		2	From: Lee Howard <faxguy@howardsilvan.com>
		3	Date: Wed, 25 Jun 2025 17:14:18 +0000
		4	Subject: [PATCH] Fix for thumbnail issue #715
		5
		6	CVE: CVE-2025-8177
		7	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1]
		8
		9	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		10	---
		11	tools/thumbnail.c \| 8 ++++++++
		12	1 file changed, 8 insertions(+)
		13
		14	diff --git a/tools/thumbnail.c b/tools/thumbnail.c
		15	index 274705d..8960d36 100644
		16	--- a/tools/thumbnail.c
		17	+++ b/tools/thumbnail.c
		18	@@ -538,7 +538,15 @@ setrow(uint8_t* row, uint32_t nrows, const uint8_t* rows[])
		19	}
		20	acc += bits[*src & mask1];
		21	}
		22	+ if (255 * acc / area < 256)
		23	+ {
		24	row++ = cmap[(255acc)/area];
		25	+ }
		26	+ else
		27	+ {
		28	+ fprintf(stderr, "acc=%d, area=%d\n", acc, area);
		29	+ *row++ = cmap[0];
		30	+ }
		31	}
		32	}
		33
		34	--
		35	2.40.0


diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 6ff31bd0bb..4c9c212312 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -58,6 +58,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
58	file://CVE-2025-8176-0001.patch \	58	file://CVE-2025-8176-0001.patch \
59	file://CVE-2025-8176-0002.patch \	59	file://CVE-2025-8176-0002.patch \
60	file://CVE-2025-8176-0003.patch \	60	file://CVE-2025-8176-0003.patch \
		61	file://CVE-2025-8177.patch \
61	"	62	"
62		63
63	SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"	64	SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"