OESA-2025-2048

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2048

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-2048.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-2048

Upstream

CVE-2025-8534

CVE-2025-8851

Published

2025-08-15T12:40:17Z

Modified

2025-08-15T16:48:23.833942Z

Summary

libtiff security update

Details

This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.

Security Fix(es):

LibTIFF is a library for reading and writing TIFF (label image file format) files that are open source. This library contains some command-line tools for handling TIFF files. There is a security vulnerability in the 4.6.0 version of LibTIFF, which originates from the dereference of the null pointer of the function PS_Lvl2page in the file tools/tiff2ps.c.(CVE-2025-8534)

A vulnerability was found in LibTIFF up to 4.5.1 (Image Processing Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).Impacted is confidentiality, integrity, and availability.Applying the patch 8a7a48d7a645992ca83062b3a1873c951661e2b3 is able to eliminate this problem. The bugfix is ready for download at gitlab.com.(CVE-2025-8851)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS-SP3 / libtiff

Package

Name: libtiff
Purl: pkg:rpm/openEuler/libtiff&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.0-42.oe2203sp3

Ecosystem specific

{
    "src": [
        "libtiff-4.3.0-42.oe2203sp3.src.rpm"
    ],
    "aarch64": [
        "libtiff-4.3.0-42.oe2203sp3.aarch64.rpm",
        "libtiff-debuginfo-4.3.0-42.oe2203sp3.aarch64.rpm",
        "libtiff-debugsource-4.3.0-42.oe2203sp3.aarch64.rpm",
        "libtiff-devel-4.3.0-42.oe2203sp3.aarch64.rpm",
        "libtiff-static-4.3.0-42.oe2203sp3.aarch64.rpm",
        "libtiff-tools-4.3.0-42.oe2203sp3.aarch64.rpm"
    ],
    "noarch": [
        "libtiff-help-4.3.0-42.oe2203sp3.noarch.rpm"
    ],
    "x86_64": [
        "libtiff-4.3.0-42.oe2203sp3.x86_64.rpm",
        "libtiff-debuginfo-4.3.0-42.oe2203sp3.x86_64.rpm",
        "libtiff-debugsource-4.3.0-42.oe2203sp3.x86_64.rpm",
        "libtiff-devel-4.3.0-42.oe2203sp3.x86_64.rpm",
        "libtiff-static-4.3.0-42.oe2203sp3.x86_64.rpm",
        "libtiff-tools-4.3.0-42.oe2203sp3.x86_64.rpm"
    ]
}