CLSA-2025-1744116383
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1744116383.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2025-1744116383
- Upstream
- Published
- 2025-04-08T12:46:28Z
- Modified
- 2026-06-01T00:30:35.744703682Z
- Summary
- libtiff: Fix of 4 CVEs
- Details
-
- CVE-2024-7006: check return value of _TIFFCreateAnonField() to avoid potential DoS via memory allocation failures
- CVE-2023-6228: validate input image codec in tiffcp to prevent heap-based buffer overflow and potential application crash
- CVE-2022-40090: improve IFD loop handling in TIFFReadDirectory to prevent DoS via crafted TIFF files
- CVE-2023-2731: handle missing end-of-information marker in LZWDecode() to prevent NULL pointer dereference and potential DoS
- References
Affected packages
TuxCare:AlmaLinux:9.2 / libtiff
Package
- Name
- libtiff
- Purl
- pkg:rpm/tuxcare/libtiff?distro=almalinux-9.2
TuxCare:AlmaLinux:9.2 / libtiff-devel
Package
- Name
- libtiff-devel
- Purl
- pkg:rpm/tuxcare/libtiff-devel?distro=almalinux-9.2
TuxCare:AlmaLinux:9.2 / libtiff-static
Package
- Name
- libtiff-static
- Purl
- pkg:rpm/tuxcare/libtiff-static?distro=almalinux-9.2