Updated libtiff packages fix security vulnerabilities
Publication date: 31 Oct 2025Modification date: 31 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-13978 , CVE-2025-8176 , CVE-2025-8177 , CVE-2025-8534 , CVE-2025-8961 , CVE-2025-9165 , CVE-2025-9900
Description
LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference.
(CVE-2024-13978)
LibTIFF tiffmedian.c get_histogram use after free. (CVE-2025-8176)
LibTIFF thumbnail.c setrow buffer overflow. (CVE-2025-8177)
libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference.
(CVE-2025-8534)
LibTIFF tiffcrop tiffcrop.c main memory corruption. (CVE-2025-8961)
LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak. (CVE-2025-9165)
Libtiff: libtiff write-what-where. (CVE-2025-9900)
References
- https://bugs.mageia.org/show_bug.cgi?id=34704
- https://lists.debian.org/debian-security-announce/2025/msg00189.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8177
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8534
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8961
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9165
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900
SRPMS
9/core
- libtiff-4.5.1-1.6.mga9