Ubuntu alert USN-7783-1 (tiff)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7783-1] LibTIFF vulnerabilities | |
| Date: | Mon, 29 Sep 2025 17:10:43 +0000 | |
| Message-ID: | <E1v3HOd-0004Mj-PO@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7783-1 September 29, 2025 tiff vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in LibTIFF. Software Description: - tiff: Tag Image File Format (TIFF) library Details: Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF images. An attacker could possibly use this issue to cause LibTIFF to crash, resulting in a denial of service. (CVE-2025-8961) Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF image headers. An attacker could possibly use this issue to cause LibTIFF to leak memory, resulting in a denial of service. (CVE-2025-9165) It was discovered that LibTIFF incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2025-9900) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libtiff6 4.5.1+git230720-4ubuntu4.2 Ubuntu 24.04 LTS libtiff6 4.5.1+git230720-4ubuntu2.4 Ubuntu 22.04 LTS libtiff5 4.3.0-6ubuntu0.12 Ubuntu 20.04 LTS libtiff5 4.1.0+git191117-2ubuntu0.20.04.14+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS libtiff5 4.0.9-5ubuntu0.10+esm9 Available with Ubuntu Pro Ubuntu 16.04 LTS libtiff5 4.0.6-1ubuntu0.8+esm19 Available with Ubuntu Pro Ubuntu 14.04 LTS libtiff5 4.0.3-7ubuntu0.11+esm16 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7783-1 CVE-2025-8961, CVE-2025-9165, CVE-2025-9900 Package Information: https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720... https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720... https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.12
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjau+8ACgkQcpJm3tlz hgGWFBAAj8c4leNyNJM5X4tRLkqEvW/0T6mSyRnoA7TKC4dy1S6tWDjPCdSudVGr 1C6bDwsXeH/Vcao+2+OF/wfcy3RloVOZ/Gjy96SySs4GmVG9ypB7XAngyQbBYL1C k9CeD+vEadDrgr5g7kS5dQbofmdsxk+qH0OS1NlC9Rez4Kq6cOP3UESSr7bI0BYr w4UuVkZkCAcqpm/f6GPmJ2NHKCFDTPD7pQHdyo1AXQbYNXQGmz7K/dCENKCCea1R eotGodyLbodKzrK3R7rmzOMB164nZmumGs622YUFto6JEEdNmafogKFlayJNRAk8 ObSGktL8GFiLqMZO8A4UySjmmXCROLfdVMJVSuOKcjSPI+Zi4SzpG6cDH5tmGaOE 9CvA+6j2UBtGuaEWiJ7Z9e/hAuhQYjoQuniASz8yP5JMPLrJgTxYO7CagVveI+Dg Qa4RHXg6oeKnvEnG6ObaCh5tsanrO3EY9yDyk8QIGO++ewhM/S3hMP0g9PpVZUlY rvF6Qhut1wpb1D6IuImNI58x8LEGfVFkXTjL138RxT5hGcEh8ntyd07bGVEbkN81 vSjm8VJT6HQxB9iMTZK3VCEKQN+tnC/lqYEYqDdm4vc8c6dS75k54XJ7ly5RQYno Wy1AqmzRJPg5CSmRAGUw1mPdQZl32NaqDO8Dz+jetoxndvYMRIw= =HpeC -----END PGP SIGNATURE-----