mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-14 20:27:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
1811a2d13e212c80da5be41515872ee404079929
poky/meta/recipes-multimedia
History
Yogita Urade 15dd68bda1 tiff: fix CVE-2025-9900 
A flaw was found in Libtiff. This vulnerability is a "write-what-where"
condition, triggered when the library processes a specially crafted TIFF
image file.[EOL][EOL]By providing an abnormally large image height value
in the file's metadata, an attacker can trick the library into writing
attacker-controlled color data to an arbitrary memory location. This
memory corruption can be exploited to cause a denial of service (application
crash) or to achieve arbitrary code execution with the permissions of the user.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9900

Upstream patch:
3e0dcf0ec6

(From OE-Core rev: f4e5cdeccee02d3ea78db91d5dfdcfd017c40ee0)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-10-03 09:51:17 -07:00
..
alsa
alsa-plugins: fix libavtp vs. avtp packageconfig
2022-06-11 10:06:13 +01:00
ffmpeg
ffmpeg: fix CVE-2025-1594
2025-09-12 09:24:24 -07:00
flac
flac: fix CVE-2020-22219
2023-09-18 04:28:03 -10:00
gstreamer
gstreamer1.0-plugins-base: fix CVE-2025-47807
2025-08-29 08:33:33 -07:00
lame
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
liba52
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libogg
libogg: upgrade 1.3.4 -> 1.3.5
2021-06-12 22:54:14 +01:00
libomxil
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libpng
libpng: Improve ptest
2025-06-20 08:06:30 -07:00
libsamplerate
libsamplerate0: update 0.1.9 -> 0.2.2
2021-11-21 11:05:01 +00:00
libsndfile
libsndfile1: Backport fix for CVE-2022-33065
2025-01-09 08:41:03 -08:00
libtheora
libtheora: Clarify BSD license variant
2019-10-15 14:16:11 +01:00
libtiff
tiff: fix CVE-2025-9900
2025-10-03 09:51:17 -07:00
libvorbis
meta: fix some unresponsive homepages and bugtracker links
2020-10-30 13:22:48 +00:00
mpeg2dec
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
mpg123
mpg123: fix CVE-2024-10573
2025-03-19 07:13:17 -07:00
pulseaudio
pulseaudio: Add audio group explicitly
2025-09-08 08:27:11 -07:00
sbc
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
speex
speex: fix CVE-2020-23903
2022-01-17 11:49:12 +00:00
webp
libwebp: Fix CVE-2023-4863
2023-11-14 06:49:11 -10:00
x264
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00