CVE-2025-9900
- Source
- https://cve.org/CVERecord?id=CVE-2025-9900
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-9900.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-9900
- Downstream
- Related
- Published
- 2025-09-23T16:26:22.846Z
- Modified
- 2026-05-26T03:53:08.541090585Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Libtiff: libtiff write-what-where
- Details
-
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
- Database specific
{ "cna_assigner": "redhat", "cwe_ids": [ "CWE-123" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9900.json" }- References
-
- http://www.openwall.com/lists/oss-security/2025/09/26/3
- https://access.redhat.com/downloads/content/package-browser/
- https://catalog.redhat.com/software/containers/
- https://libtiff.gitlab.io/libtiff/
- https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html
- https://access.redhat.com/errata/RHSA-2025:17651
- https://access.redhat.com/errata/RHSA-2025:17675
- https://access.redhat.com/errata/RHSA-2025:17710
- https://access.redhat.com/errata/RHSA-2025:17738
- https://access.redhat.com/errata/RHSA-2025:17739
- https://access.redhat.com/errata/RHSA-2025:17740
- https://access.redhat.com/errata/RHSA-2025:19113
- https://access.redhat.com/errata/RHSA-2025:19156
- https://access.redhat.com/errata/RHSA-2025:19276
- https://access.redhat.com/errata/RHSA-2025:19906
- https://access.redhat.com/errata/RHSA-2025:19947
- https://access.redhat.com/errata/RHSA-2025:20956
- https://access.redhat.com/errata/RHSA-2025:20998
- https://access.redhat.com/errata/RHSA-2025:21060
- https://access.redhat.com/errata/RHSA-2025:21061
- https://access.redhat.com/errata/RHSA-2025:21062
- https://access.redhat.com/errata/RHSA-2025:21407
- https://access.redhat.com/errata/RHSA-2025:21506
- https://access.redhat.com/errata/RHSA-2025:21507
- https://access.redhat.com/errata/RHSA-2025:21508
- https://access.redhat.com/errata/RHSA-2025:21994
- https://access.redhat.com/errata/RHSA-2025:23078
- https://access.redhat.com/errata/RHSA-2025:23079
- https://access.redhat.com/errata/RHSA-2025:23080
- https://access.redhat.com/errata/RHSA-2026:0001
- https://access.redhat.com/errata/RHSA-2026:0076
- https://access.redhat.com/errata/RHSA-2026:0077
- https://access.redhat.com/errata/RHSA-2026:0078
- https://access.redhat.com/errata/RHSA-2026:3461
- https://access.redhat.com/errata/RHSA-2026:3462
- https://access.redhat.com/errata/RHSA-2026:7504
- https://access.redhat.com/security/cve/CVE-2025-9900
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9900.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-9900
- https://bugzilla.redhat.com/show_bug.cgi?id=2392784
- https://gitlab.com/libtiff/libtiff/-/issues/704
- https://gitlab.com/libtiff/libtiff/-/merge_requests/732
- https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file
- https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html
Affected packages
Git / gitlab.com/libtiff/libtiff
Affected versions
v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
v4.3.0rc1
v4.4.0
v4.4.0rc1
v4.5.0
v4.5.0rc2
v4.5.0rc3
v4.5.1
v4.5.1rc1
v4.5.1rc2
v4.5.1rc3
v4.6.0rc1
v4.7.0
v4.7.0rc1
v4.7.0rc2