git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
tiff: fix CVE-2025-8176
author Yogita Urade <yogita.urade@windriver.com>
Wed, 6 Aug 2025 12:24:12 +0000 (17:54 +0530)
committer Steve Sakoman <steve@sakoman.com>
Mon, 11 Aug 2025 17:09:08 +0000 (10:09 -0700)
commit 5dbc4ccce8676b016de8c1393c2f0d0f74eb9337
tree 96b74bc10b50b4d0ba1a65c71cd552205c9d9f81
parent bd620eb14660075fd0f7476bbbb65d5da6293874
tiff: fix CVE-2025-8176

A vulnerability was found in LibTIFF up to 4.7.0. It has
been declared as critical. This vulnerability affects the
function get_histogram of the file tools/tiffmedian.c. The
manipulation leads to use after free. The attack needs to
be approached locally. The exploit has been disclosed to
the public and may be used. The patch is identified as
fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended
to apply a patch to fix this issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8176

Upstream patches:
https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa
https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda
https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0001.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0002.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0003.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb