Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in LibTIFF.
Software Description:
- tiff: Tag Image File Format (TIFF) library
Details:
Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled
memory when parsing malformed TIFF images. An attacker could possibly use
this issue to cause LibTIFF to crash, resulting in a denial of service.
(CVE-2025-8961)
Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled
memory when parsing malformed TIFF image headers. An attacker could
possibly use this issue to cause LibTIFF to leak memory, resulting in a
denial of service. (CVE-2025-9165)
It was discovered that LibTIFF incorrectly handled memory when parsing
malformed TIFF image metadata. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2025-9900)
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libtiff6 4.5.1+git230720-4ubuntu4.2
Ubuntu 24.04 LTS
libtiff6 4.5.1+git230720-4ubuntu2.4
Ubuntu 22.04 LTS
libtiff5 4.3.0-6ubuntu0.12
Ubuntu 20.04 LTS
libtiff5 4.1.0+git191117-2ubuntu0.20.04.14+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libtiff5 4.0.9-5ubuntu0.10+esm9
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libtiff5 4.0.6-1ubuntu0.8+esm19
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libtiff5 4.0.3-7ubuntu0.11+esm16
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7783-1
CVE-2025-8961, CVE-2025-9165, CVE-2025-9900
Get the latest Linux and open source security news straight to your inbox.