NIXPKGS-2025-0002
published on 30 Oct 2025

CVE-2025-9900
updated 2 months, 3 weeks ago by @balsoft

Activity log
- Created automatic suggestion, 3 months, 3 weeks ago
- @balsoft accepted as draft, 2 months, 3 weeks ago
- @balsoft removed 3 maintainers (@sikmir, @imincik, @nialov), 2 months, 3 weeks ago
- @balsoft added maintainer @balsoft, 2 months, 3 weeks ago
- @balsoft published on GitHub, 2 months, 3 weeks ago

Libtiff: libtiff write-what-where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

Affected products
- libtiff * <4.7.1
- mingw-libtiff *
- compat-libtiff3 *
- spice-client-win *
- rhaiis/vllm-cuda-rhel9 *
- rhaiis/vllm-rocm-rhel9 *
- rhaiis/model-opt-cuda-rhel9 *
- discovery/discovery-ui-rhel9 *

Matching in nixpkgs

pkgs.libtiff
Library and utilities for working with the TIFF image file format
- nixos-unstable 4.7.0
- nixpkgs-unstable 4.7.0
- nixos-unstable-small 4.7.0
- nixos-25.05 4.7.0
- nixos-25.05-small 4.7.0
- nixpkgs-25.05-darwin 4.7.0

Package maintainers: 5
- @willcohen Will Cohen
- @l0b0 Victor Engmark <victor@engmark.name>
- @nh2 Niklas Hambüchen <mail@nh2.me>
- @autra Augustin Trancart <augustin.trancart@gmail.com>
- @balsoft Alexander Bantyev <balsoft75@gmail.com>
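
The advisory ties the flaw to an abnormally large image height in the file's metadata. As an added example (not code from the advisory, nixpkgs or libtiff), the check below reads ImageLength from the first IFD of a classic TIFF and rejects files whose declared height exceeds a local limit before they reach an affected libtiff build. `MAX_ROWS`, `screen` and `sample` are assumptions made for this example; BigTIFF and later IFDs are not inspected.

```python
import struct

IMAGE_WIDTH, IMAGE_LENGTH = 256, 257   # baseline TIFF tags
SHORT, LONG = 3, 4                     # field types permitted for those tags
MAX_ROWS = 1 << 20                     # assumed local policy limit, not from the advisory


def read_dimensions(data: bytes) -> dict:
    """Read width/height from the first IFD of a classic (non-Big) TIFF."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None or len(data) < 8:
        raise ValueError("not a TIFF header")
    magic, ifd_off = struct.unpack_from(order + "HI", data, 2)
    if magic != 42 or ifd_off + 2 > len(data):
        raise ValueError("bad magic or IFD offset outside file")
    (count,) = struct.unpack_from(order + "H", data, ifd_off)
    dims = {"width": None, "height": None}
    for i in range(count):
        pos = ifd_off + 2 + 12 * i
        if pos + 12 > len(data):
            raise ValueError("IFD entry outside file")
        tag, ftype, n = struct.unpack_from(order + "HHI", data, pos)
        if tag not in (IMAGE_WIDTH, IMAGE_LENGTH) or n != 1 or ftype not in (SHORT, LONG):
            continue
        # SHORT values occupy the first 2 bytes of the 4-byte value field.
        fmt = "H" if ftype == SHORT else "I"
        (value,) = struct.unpack_from(order + fmt, data, pos + 8)
        dims["width" if tag == IMAGE_WIDTH else "height"] = value
    return dims


def screen(data: bytes, max_rows: int = MAX_ROWS) -> str:
    """Return 'ok', 'reject' (missing, zero or oversized height) or 'malformed'."""
    try:
        height = read_dimensions(data)["height"]
    except ValueError:
        return "malformed"
    return "ok" if height and height <= max_rows else "reject"


def sample(height: int) -> bytes:
    """Constructed header-only input: one little-endian IFD, no pixel data."""
    entries = struct.pack("<HHII", IMAGE_WIDTH, LONG, 1, 64)
    entries += struct.pack("<HHII", IMAGE_LENGTH, LONG, 1, height)
    return b"II" + struct.pack("<HIH", 42, 8, 2) + entries + b"\0" * 4
```

A filter like this only narrows exposure while the 4.7.0 builds listed above are still deployed; the advisory's affected range ends at libtiff 4.7.1.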