CVE-2025-9900

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-9900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-9900
Published
2025-09-23T17:15:38Z
Modified
2025-10-13T02:15:34Z
Summary
[none]
Details

A flaw was found in LibTIFF. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.

By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

References

Affected packages