author | Yogita Urade <yogita.urade@windriver.com> | 2025-09-30 13:49:25 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2025-10-03 09:51:17 -0700 |
commit | 15dd68bda1a70ce8b95e442f794951bfe3a54b3a (patch) | |
tree | 9091c4ae9f8ae40a8dd60cd7afc50e008e421f91 /meta/recipes-support/vim/vim.inc | |
parent | 9c9c70625270baeb44b75d4f12b266758eb9cd38 (diff) | |
download | poky-15dd68bda1a70ce8b95e442f794951bfe3a54b3a.tar.gz |
tiff: fix CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where"
condition, triggered when the library processes a specially crafted TIFF
image file.

By providing an abnormally large image height value
in the file's metadata, an attacker can trick the library into writing
attacker-controlled color data to an arbitrary memory location. This
memory corruption can be exploited to cause a denial of service (application
crash) or to achieve arbitrary code execution with the permissions of the user.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9900
Upstream patch:
https://gitlab.com/libtiff/libtiff/-/commit/3e0dcf0ec651638b2bd849b2e6f3124b36890d99
(From OE-Core rev: f4e5cdeccee02d3ea78db91d5dfdcfd017c40ee0)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-support/vim/vim.inc')
0 files changed, 0 insertions, 0 deletions