author | Yogita Urade <yogita.urade@windriver.com> | 2025-08-06 17:54:12 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2025-08-18 13:18:01 -0700 |
commit | c2581b7811559bd2220b1d06c027ff612e5295e9 (patch) | |
tree | 22ee564b6b2660178150710717c34414784e23cb /documentation/conf.py | |
parent | 81ab000fa437ca04f584a3327b076f7a512dc6d0 (diff) | |
download | poky-c2581b7811559bd2220b1d06c027ff612e5295e9.tar.gz |

tiff: fix CVE-2025-8176

A vulnerability was found in LibTIFF up to 4.7.0. It has
been declared as critical. This vulnerability affects the
function get_histogram of the file tools/tiffmedian.c. The
manipulation leads to use after free. The attack needs to
be approached locally. The exploit has been disclosed to
the public and may be used. The patch is identified as
fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended
to apply a patch to fix this issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8176

Upstream patches:
https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa
https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda
https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0

(From OE-Core rev: 5dbc4ccce8676b016de8c1393c2f0d0f74eb9337)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/conf.py')
0 files changed, 0 insertions, 0 deletions