By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
DLA-4315-1 | tiff security update |
![]() |
DSA-6023-1 | tiff security update |
![]() |
EUVD-2025-30917 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. |
![]() |
USN-7783-1 | LibTIFF vulnerabilities |
Solution
No solution given by the vendor.
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Mon, 13 Oct 2025 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel E4s
Redhat rhel Tus |
|
CPEs | cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
Vendors & Products |
Redhat rhel E4s
Redhat rhel Tus |
|
References |
|
Thu, 09 Oct 2025 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Els
|
|
CPEs | cpe:/o:redhat:rhel_els:7 | |
Vendors & Products |
Redhat rhel Els
|
|
References |
|
Thu, 09 Oct 2025 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Aus
Redhat rhel Eus Long Life |
|
CPEs | cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
Vendors & Products |
Redhat rhel Aus
Redhat rhel Eus Long Life |
|
References |
|
Wed, 08 Oct 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | ||
Vendors & Products |
Redhat rhivos
|
Wed, 01 Oct 2025 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhivos
|
|
CPEs | cpe:/o:redhat:rhivos:1 | |
Vendors & Products |
Redhat rhivos
|
Tue, 23 Sep 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 23 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. |
Title | libtiff: Libtiff Write-What-Where | Libtiff: libtiff write-what-where |
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
|
References |
|
Tue, 23 Sep 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | libtiff: Libtiff Write-What-Where | |
Weaknesses | CWE-123 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-10-13T01:25:47.180Z
Reserved: 2025-09-03T03:01:04.778Z
Link: CVE-2025-9900

Updated: 2025-09-23T18:31:21.984Z

Status : Awaiting Analysis
Published: 2025-09-23T17:15:38.357
Modified: 2025-10-13T02:15:34.853
Link: CVE-2025-9900


No data.