Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 42: tkimg 2.1.0 Critical Buffer Overflow FTBFS 2025-419c60783f

fedora
Calendar Grey December 28, 2025
Dist Fedora Esm H88
Fedora 42 packs tkimg 2.1.0 with fixes for critical security flaws linked to LibTIFF and libpng.
Update to 2.1.0

Summary

This package contains a collection of image format handlers for the Tk

photo image type, and a new image type, pixmaps.

Update Information:

Update to 2.1.0. Update bundled libpng, libtiff, to latest versions. Built against TCL/TK 9. Fix FTBFS.

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical use-after-free pointer arithmetic

Change Log

* Thu Dec 18 2025 Tom Callaway - 2.1.0-1 - update to 2.1.0 - update the bundled copy of libpng to 1.6.53 - update the bundled copy of libtiff to 4.7.1 - build for tcl/tk 9 * Fri Jul 25 2025 Fedora Release Engineering - 1.4.16-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2337800 - Please update the package for the 'Tcl/Tk 9.0' Fedora change https://bugzilla.redhat.com/show_bug.cgi?id=2337800 [ 2 ] Bug #2366434 - CVE-2025-4638 tkimg: Improper Pointer Arithmetic in pcl [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366434 [ 3 ] Bug #2383825 - CVE-2025-8176 tkimg: LibTIFF Use-After-Free Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2383825 [ 4 ] Bug #2383831 - CVE-2025-8177 tkimg: LibTIFF Buffer Overflow [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2383831 [ 5 ] Bug #2385697 - tkimg: FTBFS in Fedora rawhide/f43 https://bugzilla.redhat.com/show_bug.cgi?id=2385697 [ 6 ] Bug #2386206 - CVE-2024-13978 tkimg: LibTIFF Null Pointer Dereference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2386206 [ 7 ] Bug #2387669 - CVE-2025-8851 tkimg: LibTIFF Stack-based buffer overflow [fedora-42] https://bugzilla.redhat.com/...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-419c60783f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: tkimg
Product: Fedora 42
Version: 2.1.0
Release: 1.fc42
URL: http://sourceforge.net/projects/tkimg
Summary: Image support library for Tk

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical use-after-free pointer arithmetic

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here