INFSA-2025:4658: libtiff security update
Information about definition
Identificator: INFSA-2025:4658
Type: security
Release date: 2025-06-09 06:07:42 UTC
Information about package
The LibTIFF packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Vulnerabilities description
- CVE-2017-17095
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2017-17095
|
no information | 7.5 | no information |
Updated packages