Advisories » MGASA-2026-0105

Updated libtiff packages fix security vulnerabilities

Publication date: 21 Apr 2026
Modification date: 20 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-61143 , CVE-2025-61144

Description

libtiff up to v4.7.1 was discovered to contain a NULL pointer
dereference via the component libtiff/tif_open.c. (CVE-2025-61143)
libtiff up to v4.7.1 was discovered to contain a stack overflow via the
readSeparateStripsIntoBuffer function. (CVE-2025-61144)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35268
• https://ubuntu.com/security/notices/USN-8113-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61143
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61144

SRPMS

9/core

• libtiff-4.5.1-1.7.mga9