tiff: fix CVE-2025-8177

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-8177 Upstream patch: https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1 (From OE-Core rev: fbf3238630c104c9e17d6e902986358cea5986ff) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Yogita Urade <yogita.urade@windriver.com> 2025-08-06 17:54:13 +0530
committer: Steve Sakoman <steve@sakoman.com> 2025-08-18 13:18:01 -0700
commit: dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5 (patch)
tree: bd3bc3e39cfd046afae252753df7233337094b59 /meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
parent: c2581b7811559bd2220b1d06c027ff612e5295e9 (diff)
download: poky-dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 6ff31bd0bb..4c9c212312 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -58,6 +58,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
           file://CVE-2025-8176-0001.patch \
           file://CVE-2025-8176-0002.patch \
           file://CVE-2025-8176-0003.patch \
+           file://CVE-2025-8177.patch \
           "
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
author	Yogita Urade <yogita.urade@windriver.com>	2025-08-06 17:54:13 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-08-18 13:18:01 -0700
commit	dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5 (patch)
tree	bd3bc3e39cfd046afae252753df7233337094b59 /meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
parent	c2581b7811559bd2220b1d06c027ff612e5295e9 (diff)
download	poky-dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 6ff31bd0bb..4c9c212312 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -58,6 +58,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
58	file://CVE-2025-8176-0001.patch \	58	file://CVE-2025-8176-0001.patch \
59	file://CVE-2025-8176-0002.patch \	59	file://CVE-2025-8176-0002.patch \
60	file://CVE-2025-8176-0003.patch \	60	file://CVE-2025-8176-0003.patch \
		61	file://CVE-2025-8177.patch \
61	"	62	"
62		63
63	SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"	64	SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"