From dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5 Mon Sep 17 00:00:00 2001 From: Yogita Urade Date: Wed, 6 Aug 2025 17:54:13 +0530 Subject: tiff: fix CVE-2025-8177 A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-8177 Upstream patch: https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1 (From OE-Core rev: fbf3238630c104c9e17d6e902986358cea5986ff) Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-multimedia/libtiff/tiff_4.3.0.bb') diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 6ff31bd0bb..4c9c212312 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -58,6 +58,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2025-8176-0001.patch \ file://CVE-2025-8176-0002.patch \ file://CVE-2025-8176-0003.patch \ + file://CVE-2025-8177.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" -- cgit v1.2.3-54-g00ecf