USN-7783-1
- Source
- https://ubuntu.com/security/notices/USN-7783-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7783-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7783-1
- Upstream
- Related
- Published
- 2025-09-29T14:08:03Z
- Modified
- 2026-05-20T16:06:16.396470412Z
- Summary
- tiff vulnerabilities
- Details
-
Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF images. An attacker could possibly use this issue to cause LibTIFF to crash, resulting in a denial of service. (CVE-2025-8961)
Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF image headers. An attacker could possibly use this issue to cause LibTIFF to leak memory, resulting in a denial of service. (CVE-2025-9165)
It was discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2025-9900)
- References
Affected packages
Ubuntu:22.04:LTS
tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.0-6ubuntu0.12
Affected versions
4.*
4.3.0-1
4.3.0-2
4.3.0-3
4.3.0-3build1
4.3.0-4
4.3.0-5
4.3.0-6
4.3.0-6ubuntu0.1
4.3.0-6ubuntu0.2
4.3.0-6ubuntu0.3
4.3.0-6ubuntu0.4
4.3.0-6ubuntu0.5
4.3.0-6ubuntu0.6
4.3.0-6ubuntu0.7
4.3.0-6ubuntu0.8
4.3.0-6ubuntu0.9
4.3.0-6ubuntu0.10
4.3.0-6ubuntu0.11
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.3.0-6ubuntu0.12",
"binary_name": "libtiff-opengl"
},
{
"binary_version": "4.3.0-6ubuntu0.12",
"binary_name": "libtiff-tools"
},
{
"binary_version": "4.3.0-6ubuntu0.12",
"binary_name": "libtiff5"
},
{
"binary_version": "4.3.0-6ubuntu0.12",
"binary_name": "libtiffxx5"
}
],
"availability": "No subscription required"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7783-1.json"
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2025-8961",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9165",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9900",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
]
}
Ubuntu:24.04:LTS
tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.5.1+git230720-4ubuntu2.4
Affected versions
4.*
4.5.1+git230720-1ubuntu1
4.5.1+git230720-3ubuntu1
4.5.1+git230720-4ubuntu1
4.5.1+git230720-4ubuntu2
4.5.1+git230720-4ubuntu2.1
4.5.1+git230720-4ubuntu2.2
4.5.1+git230720-4ubuntu2.3
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.5.1+git230720-4ubuntu2.4",
"binary_name": "libtiff-opengl"
},
{
"binary_version": "4.5.1+git230720-4ubuntu2.4",
"binary_name": "libtiff-tools"
},
{
"binary_version": "4.5.1+git230720-4ubuntu2.4",
"binary_name": "libtiff6"
},
{
"binary_version": "4.5.1+git230720-4ubuntu2.4",
"binary_name": "libtiffxx6"
}
],
"availability": "No subscription required"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7783-1.json"
cves_map
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2025-8961",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9165",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9900",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
]
}
Ubuntu:Pro:14.04:LTS
tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.3-7ubuntu0.11+esm16
Affected versions
4.*
4.0.2-4ubuntu3
4.0.3-5ubuntu1
4.0.3-6
4.0.3-6ubuntu1
4.0.3-7
4.0.3-7ubuntu0.1
4.0.3-7ubuntu0.2
4.0.3-7ubuntu0.3
4.0.3-7ubuntu0.4
4.0.3-7ubuntu0.6
4.0.3-7ubuntu0.7
4.0.3-7ubuntu0.8
4.0.3-7ubuntu0.9
4.0.3-7ubuntu0.10
4.0.3-7ubuntu0.11
4.0.3-7ubuntu0.11+esm1
4.0.3-7ubuntu0.11+esm2
4.0.3-7ubuntu0.11+esm3
4.0.3-7ubuntu0.11+esm4
4.0.3-7ubuntu0.11+esm5
4.0.3-7ubuntu0.11+esm6
4.0.3-7ubuntu0.11+esm7
4.0.3-7ubuntu0.11+esm8
4.0.3-7ubuntu0.11+esm9
4.0.3-7ubuntu0.11+esm10
4.0.3-7ubuntu0.11+esm11
4.0.3-7ubuntu0.11+esm12
4.0.3-7ubuntu0.11+esm13
4.0.3-7ubuntu0.11+esm14
4.0.3-7ubuntu0.11+esm15
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.0.3-7ubuntu0.11+esm16",
"binary_name": "libtiff-opengl"
},
{
"binary_version": "4.0.3-7ubuntu0.11+esm16",
"binary_name": "libtiff-tools"
},
{
"binary_version": "4.0.3-7ubuntu0.11+esm16",
"binary_name": "libtiff5"
},
{
"binary_version": "4.0.3-7ubuntu0.11+esm16",
"binary_name": "libtiffxx5"
}
],
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"
}Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"cves": [
{
"id": "CVE-2025-8961",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9165",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9900",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7783-1.json"
Ubuntu:Pro:16.04:LTS
tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.6-1ubuntu0.8+esm19
Affected versions
4.*
4.0.3-12.3ubuntu2
4.0.5-1
4.0.6-1
4.0.6-1ubuntu0.1
4.0.6-1ubuntu0.2
4.0.6-1ubuntu0.3
4.0.6-1ubuntu0.4
4.0.6-1ubuntu0.5
4.0.6-1ubuntu0.6
4.0.6-1ubuntu0.7
4.0.6-1ubuntu0.8
4.0.6-1ubuntu0.8+esm1
4.0.6-1ubuntu0.8+esm2
4.0.6-1ubuntu0.8+esm3
4.0.6-1ubuntu0.8+esm4
4.0.6-1ubuntu0.8+esm6
4.0.6-1ubuntu0.8+esm7
4.0.6-1ubuntu0.8+esm8
4.0.6-1ubuntu0.8+esm9
4.0.6-1ubuntu0.8+esm10
4.0.6-1ubuntu0.8+esm11
4.0.6-1ubuntu0.8+esm12
4.0.6-1ubuntu0.8+esm13
4.0.6-1ubuntu0.8+esm14
4.0.6-1ubuntu0.8+esm15
4.0.6-1ubuntu0.8+esm16
4.0.6-1ubuntu0.8+esm17
4.0.6-1ubuntu0.8+esm18
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.0.6-1ubuntu0.8+esm19",
"binary_name": "libtiff-opengl"
},
{
"binary_version": "4.0.6-1ubuntu0.8+esm19",
"binary_name": "libtiff-tools"
},
{
"binary_version": "4.0.6-1ubuntu0.8+esm19",
"binary_name": "libtiff5"
},
{
"binary_version": "4.0.6-1ubuntu0.8+esm19",
"binary_name": "libtiffxx5"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Ubuntu:Pro:18.04:LTS
tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.9-5ubuntu0.10+esm9
Affected versions
4.*
4.0.8-5
4.0.8-6
4.0.9-1
4.0.9-2
4.0.9-3
4.0.9-4
4.0.9-4ubuntu1
4.0.9-5
4.0.9-5ubuntu0.1
4.0.9-5ubuntu0.2
4.0.9-5ubuntu0.3
4.0.9-5ubuntu0.4
4.0.9-5ubuntu0.5
4.0.9-5ubuntu0.6
4.0.9-5ubuntu0.7
4.0.9-5ubuntu0.8
4.0.9-5ubuntu0.9
4.0.9-5ubuntu0.10
4.0.9-5ubuntu0.10+esm1
4.0.9-5ubuntu0.10+esm2
4.0.9-5ubuntu0.10+esm3
4.0.9-5ubuntu0.10+esm4
4.0.9-5ubuntu0.10+esm5
4.0.9-5ubuntu0.10+esm6
4.0.9-5ubuntu0.10+esm7
4.0.9-5ubuntu0.10+esm8
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.0.9-5ubuntu0.10+esm9",
"binary_name": "libtiff-opengl"
},
{
"binary_version": "4.0.9-5ubuntu0.10+esm9",
"binary_name": "libtiff-tools"
},
{
"binary_version": "4.0.9-5ubuntu0.10+esm9",
"binary_name": "libtiff5"
},
{
"binary_version": "4.0.9-5ubuntu0.10+esm9",
"binary_name": "libtiffxx5"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Database specific
cves_map
{
"cves": [
{
"id": "CVE-2025-8961",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9165",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9900",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7783-1.json"
Ubuntu:Pro:20.04:LTS
tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.0+git191117-2ubuntu0.20.04.14+esm2
Affected versions
4.*
4.0.10+git191003-1
4.1.0+git191117-1
4.1.0+git191117-2
4.1.0+git191117-2build1
4.1.0+git191117-2ubuntu0.20.04.1
4.1.0+git191117-2ubuntu0.20.04.2
4.1.0+git191117-2ubuntu0.20.04.3
4.1.0+git191117-2ubuntu0.20.04.4
4.1.0+git191117-2ubuntu0.20.04.5
4.1.0+git191117-2ubuntu0.20.04.6
4.1.0+git191117-2ubuntu0.20.04.7
4.1.0+git191117-2ubuntu0.20.04.8
4.1.0+git191117-2ubuntu0.20.04.9
4.1.0+git191117-2ubuntu0.20.04.10
4.1.0+git191117-2ubuntu0.20.04.11
4.1.0+git191117-2ubuntu0.20.04.12
4.1.0+git191117-2ubuntu0.20.04.13
4.1.0+git191117-2ubuntu0.20.04.14
4.1.0+git191117-2ubuntu0.20.04.14+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm2",
"binary_name": "libtiff-opengl"
},
{
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm2",
"binary_name": "libtiff-tools"
},
{
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm2",
"binary_name": "libtiff5"
},
{
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm2",
"binary_name": "libtiffxx5"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7783-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"cves": [
{
"id": "CVE-2025-8961",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9165",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2025-9900",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
]
}