Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Ubuntu 25.04: LibTIFF Critical DoS Issues USN-7783-1 CVE-2025-8961

ubuntu
Calendar Grey September 29, 2025
Dist Ubuntu Esm H88
Multiple issues fixed in LibTIFF affecting various Ubuntu releases pose risks including DoS and sensitive info leaks.
Several security issues were fixed in LibTIFF.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in LibTIFF. Software Description: - tiff: Tag Image File Format (TIFF) library Details: Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF images. An attacker could possibly use this issue to cause LibTIFF to crash, resulting in a denial of service. (CVE-2025-8961) Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF image headers. An attacker could possibly use this issue to cause LibTIFF to leak memory, resulting in a denial of service. (CVE-2025-9165) It was discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, o...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu libtiff tiff vulnerabilities

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libtiff6 4.5.1+git230720-4ubuntu4.2 Ubuntu 24.04 LTS libtiff6 4.5.1+git230720-4ubuntu2.4 Ubuntu 22.04 LTS libtiff5 4.3.0-6ubuntu0.12 Ubuntu 20.04 LTS libtiff5 4.1.0+git191117-2ubuntu0.20.04.14+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS libtiff5 4.0.9-5ubuntu0.10+esm9 Available with Ubuntu Pro Ubuntu 16.04 LTS libtiff5 4.0.6-1ubuntu0.8+esm19 Available with Ubuntu Pro Ubuntu 14.04 LTS libtiff5 4.0.3-7ubuntu0.11+esm16 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7783-1

CVE-2025-8961, CVE-2025-9165, CVE-2025-9900

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7783-1

Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu libtiff tiff vulnerabilities

Package Information

https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu4.2 https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu2.4 https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.12

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here