git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
tiff: fix CVE-2025-8177
author Yogita Urade <yogita.urade@windriver.com>
Wed, 6 Aug 2025 12:24:13 +0000 (17:54 +0530)
committer Steve Sakoman <steve@sakoman.com>
Mon, 11 Aug 2025 17:09:08 +0000 (10:09 -0700)
commit fbf3238630c104c9e17d6e902986358cea5986ff
tree 9596d13f0d1b59a516799728c48928422fd93590
parent 5dbc4ccce8676b016de8c1393c2f0d0f74eb9337
tiff: fix CVE-2025-8177

A vulnerability was found in LibTIFF up to 4.7.0. It has been
rated as critical. This issue affects the function setrow of the
file tools/thumbnail.c. The manipulation leads to buffer overflow.
An attack has to be approached locally. The patch is named
e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to
apply a patch to fix this issue. This vulnerability only affects
products that are no longer supported by the maintainer.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8177

Upstream patch:
https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb