CVE-2025-9900 (affected, published on 30 Oct 2025)

Severity: 8.8 HIGH (CVSS version 3.1)
  Attack vector (AV): NETWORK
  Attack complexity (AC): LOW
  Privileges required (PR): NONE
  User interaction (UI): REQUIRED
  Scope (S): UNCHANGED
  Confidentiality impact (C): HIGH
  Integrity impact (I): HIGH
  Availability impact (A): HIGH

Updated 1 month, 3 weeks ago by @balsoft

Activity log:
  Created automatic suggestion (2 months, 3 weeks ago)
  @balsoft accepted as draft (1 month, 3 weeks ago)
  @balsoft removed 3 maintainers: @sikmir, @imincik, @nialov (1 month, 3 weeks ago)
  @balsoft added maintainer @balsoft (1 month, 3 weeks ago)
  @balsoft update (1 month, 3 weeks ago)

Libtiff: libtiff write-what-where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

Affected products:
  libtiff * <4.7.1
  mingw-libtiff *
  compat-libtiff3 *

Matching in nixpkgs:
  pkgs.libtiff: Library and utilities for working with the TIFF image file format
    nixos-25.05: 4.7.0
    nixpkgs-25.05-darwin: 4.7.0
    nixos-25.05-small: 4.7.0
    nixos-unstable: 4.7.0
    nixos-unstable-small: 4.7.0
    nixpkgs-unstable: 4.7.0

Package maintainers: 5
  @autra Augustin Trancart <augustin.trancart@gmail.com>
  @nh2 Niklas Hambüchen <mail@nh2.me>
  @l0b0 Victor Engmark <victor@engmark.name>
  @willcohen Will Cohen
  @balsoft Alexander Bantyev <balsoft75@gmail.com>
CVE-2025-8067 (affected, published on 29 Oct 2025)

Severity: 8.5 HIGH (CVSS version 3.1)
  Attack vector (AV): LOCAL
  Attack complexity (AC): LOW
  Privileges required (PR): NONE
  User interaction (UI): NONE
  Scope (S): CHANGED
  Confidentiality impact (C): LOW
  Integrity impact (I): LOW
  Availability impact (A): HIGH

Updated 1 month, 3 weeks ago by @balsoft

Activity log:
  Created automatic suggestion (3 months ago)
  @balsoft added maintainer @balsoft (1 month, 3 weeks ago)
  @balsoft accepted as draft (1 month, 3 weeks ago)
  @balsoft update (1 month, 3 weeks ago)

Udisks: out-of-bounds read in udisks daemon

A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. Two of the parameters this handler receives are the file descriptor list and an index specifying which file should back the loop device. The function validates the index value to ensure it is not bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.

Affected products:
  udisks
  udisks2 *

Matching in nixpkgs:
  pkgs.udisks2: Daemon, tools and libraries to access and manipulate disks, storage devices and technologies
    nixos-unstable: ???
    nixpkgs-unstable: 2.10.2

Package maintainers: 3
  @jtojnar Jan Tojnar <jtojnar@gmail.com>
  @JohnAZoidberg Daniel Schäfer <git@danielschaefer.me>
  @balsoft Alexander Bantyev <balsoft75@gmail.com>