path: root/scripts/lib/devtool/build-image.py
author Yogita Urade <yogita.urade@windriver.com> 2025-09-30 13:47:48 +0530
committer Steve Sakoman <steve@sakoman.com> 2025-10-09 12:16:45 -0700
commit 2ce56bd707939989cffa77944943e76cbe502d87 (patch)
tree 1a4967c8c3669cc71122fa521cd31e96057182d7 /scripts/lib/devtool/build-image.py
parent eae801c832ab1a8d5ef970c58db9dc1fea47fa3b (diff)
tiff: fix CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.

By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9900

Upstream patch:
https://gitlab.com/libtiff/libtiff/-/commit/3e0dcf0ec651638b2bd849b2e6f3124b36890d99

(From OE-Core rev: c1303b8eb4e85a031a175867361876a256bfb763)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/devtool/build-image.py')
0 files changed, 0 insertions, 0 deletions