git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Yogita Urade <yogita.urade@windriver.com>
	Tue, 26 Aug 2025 10:48:34 +0000 (16:18 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Mon, 1 Sep 2025 15:24:33 +0000 (08:24 -0700)
commit	1ced84bbd4ab15f0f16176e367744b496a0ea97c
tree	7142a81d34b8f2c11d8d126baffd41fa44c3c19f	tree \| snapshot
parent	c897368cd363d3e50372ab1fc95bc31f1a883dc4	commit \| diff

tiff: fix CVE-2025-8851

A vulnerability was determined in LibTIFF up to 4.5.1. Affected
by this issue is the function readSeparateStripsetoBuffer of the
file tools/tiffcrop.c of the component tiffcrop. The manipulation
leads to stack-based buffer overflow. Local access is required to
approach this attack. The patch is identified as
8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to
apply a patch to fix this issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8851

Upstream patch:
https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-multimedia/libtiff/tiff/CVE-2025-8851.patch	[new file with mode: 0644]	blob
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb		diff \| blob \| blame \| history