Home / mailingsPDF  

[USN-7783-1] LibTIFF vulnerabilities

Posted on 29 September 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7783-1
September 29, 2025

tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in LibTIFF.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled
memory when parsing malformed TIFF images. An attacker could possibly use
this issue to cause LibTIFF to crash, resulting in a denial of service.
(CVE-2025-8961)

Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled
memory when parsing malformed TIFF image headers. An attacker could
possibly use this issue to cause LibTIFF to leak memory, resulting in a
denial of service. (CVE-2025-9165)

It was discovered that LibTIFF incorrectly handled memory when parsing
malformed TIFF image metadata. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2025-9900)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libtiff6 4.5.1+git230720-4ubuntu4.2

Ubuntu 24.04 LTS
libtiff6 4.5.1+git230720-4ubuntu2.4

Ubuntu 22.04 LTS
libtiff5 4.3.0-6ubuntu0.12

Ubuntu 20.04 LTS
libtiff5 4.1.0+git191117-2ubuntu0.20.04.14+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libtiff5 4.0.9-5ubuntu0.10+esm9
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libtiff5 4.0.6-1ubuntu0.8+esm19
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libtiff5 4.0.3-7ubuntu0.11+esm16
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7783-1
CVE-2025-8961, CVE-2025-9165, CVE-2025-9900

Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu4.2
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu2.4
https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.12

--===============5456595638575860702==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :