mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-17 04:39:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bf30db97f74edcd55d8b3b128b3a959cd9c04da2
poky/meta/recipes-multimedia/libtiff/tiff
History
Yogita Urade 2ce56bd707 tiff: fix CVE-2025-9900 
A flaw was found in Libtiff. This vulnerability is a "write-what-where"
condition, triggered when the library processes a specially crafted TIFF
image file.[EOL][EOL]By providing an abnormally large image height value
in the file's metadata, an attacker can trick the library into writing
attacker-controlled color data to an arbitrary memory location. This
memory corruption can be exploited to cause a denial of service (application
crash) or to achieve arbitrary code execution with the permissions of the user.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9900

Upstream patch:
3e0dcf0ec6

(From OE-Core rev: c1303b8eb4e85a031a175867361876a256bfb763)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-10-09 12:16:45 -07:00
..
CVE-2023-6228.patch
tiff: fix CVE-2023-6228
2024-01-21 12:27:12 +00:00
CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch
tiff: Backport fixes for CVE-2023-6277
2023-12-06 22:55:50 +00:00
CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch
tiff: Backport fixes for CVE-2023-6277
2023-12-06 22:55:50 +00:00
CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch
tiff: Backport fixes for CVE-2023-6277
2023-12-06 22:55:50 +00:00
CVE-2023-52355-0001.patch
tiff: fix CVE-2023-52355 and CVE-2023-52356
2024-02-08 10:53:13 +00:00
CVE-2023-52355-0002.patch
tiff: fix CVE-2023-52355 and CVE-2023-52356
2024-02-08 10:53:13 +00:00
CVE-2023-52356.patch
tiff: fix CVE-2023-52355 and CVE-2023-52356
2024-02-08 10:53:13 +00:00
CVE-2024-7006.patch
Tiff: Security fix for CVE-2024-7006
2024-08-26 05:18:43 -07:00
CVE-2025-9900.patch
tiff: fix CVE-2025-9900
2025-10-09 12:16:45 -07:00