Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 25.04: LibTIFF Critical DoS Issues USN-7783-1 CVE-2025-8961

ubuntu
Calendar Grey September 29, 2025
Scroller Ubuntu
Multiple issues fixed in LibTIFF affecting various Ubuntu releases pose risks including DoS and sensitive info leaks.
Several security issues were fixed in LibTIFF.

Summary

Several security issues were fixed in LibTIFF.

Software Description:

- tiff: Tag Image File Format (TIFF) library

Details:

Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled

memory when parsing malformed TIFF images. An attacker could possibly use

this issue to cause LibTIFF to crash, resulting in a denial of service.

(CVE-2025-8961)

Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled

memory when parsing malformed TIFF image headers. An attacker could

possibly use this issue to cause LibTIFF to leak memory, resulting in a

denial of service. (CVE-2025-9165)

It was discovered that LibTIFF incorrectly handled memory when parsing

malformed TIFF image metadata. An attacker could possibly use this issue to

cause a denial of service, obtain sensitive information, or execute

arbitrary code. (CVE-2025-9900)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libtiff6                        4.5.1+git230720-4ubuntu4.2

Ubuntu 24.04 LTS
  libtiff6                        4.5.1+git230720-4ubuntu2.4

Ubuntu 22.04 LTS
  libtiff5                        4.3.0-6ubuntu0.12

Ubuntu 20.04 LTS
  libtiff5                        4.1.0+git191117-2ubuntu0.20.04.14+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libtiff5                        4.0.9-5ubuntu0.10+esm9
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libtiff5                        4.0.6-1ubuntu0.8+esm19
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libtiff5                        4.0.3-7ubuntu0.11+esm16
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7783-1

CVE-2025-8961, CVE-2025-9165, CVE-2025-9900

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7783-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.