Detections
Analytics
CVE-2025-9900
high
Description
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
References
https://access.redhat.com/errata/RHSA-2025:21508
https://access.redhat.com/errata/RHSA-2025:21507
https://access.redhat.com/errata/RHSA-2025:21506
https://access.redhat.com/errata/RHSA-2025:21407
https://access.redhat.com/errata/RHSA-2025:21062
https://access.redhat.com/errata/RHSA-2025:21061
https://access.redhat.com/errata/RHSA-2025:21060
https://access.redhat.com/errata/RHSA-2025:20998
https://access.redhat.com/errata/RHSA-2025:20956
https://access.redhat.com/errata/RHSA-2025:19947
https://access.redhat.com/errata/RHSA-2025:19906
https://access.redhat.com/errata/RHSA-2025:19276
https://access.redhat.com/errata/RHSA-2025:19156
https://access.redhat.com/errata/RHSA-2025:19113
https://access.redhat.com/errata/RHSA-2025:17740
https://access.redhat.com/errata/RHSA-2025:17739
https://access.redhat.com/errata/RHSA-2025:17738
https://access.redhat.com/errata/RHSA-2025:17710
https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html
https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html
https://gitlab.com/libtiff/libtiff/-/merge_requests/732
https://gitlab.com/libtiff/libtiff/-/issues/704
https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file
https://bugzilla.redhat.com/show_bug.cgi?id=2392784