NIXPKGS-2025-0002

published on 30 Oct 2025

Permalink CVE-2025-9900

updated 3 months, 1 week ago by @balsoft Activity log

Created automatic suggestion 4 months, 2 weeks ago
@balsoft accepted 3 months, 1 week ago
@balsoft removed
3 maintainers
- @sikmir
- @imincik
- @nialov
3 months, 1 week ago
@balsoft added maintainer @balsoft 3 months, 1 week ago
@balsoft published on GitHub 3 months, 1 week ago

Libtiff: libtiff write-what-where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

Affected products

libtiff

<4.7.1
*

mingw-libtiff

compat-libtiff3

spice-client-win

rhaiis/vllm-cuda-rhel9

rhaiis/vllm-rocm-rhel9

rhaiis/model-opt-cuda-rhel9

discovery/discovery-ui-rhel9

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable 4.7.0
- nixpkgs-unstable 4.7.0
- nixos-unstable-small 4.7.0

Package maintainers

@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@willcohen Will Cohen
@l0b0 Victor Engmark <victor@engmark.name>

Ignored maintainers (3)

@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>

Additional maintainers

@balsoft Alexander Bantyev <balsoft75@gmail.com>

Nixpkgs Security Tracker

Details of issue NIXPKGS-2025-0002

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers

Additional maintainers