ГлавнаяУязвимости → CVE-2025-9900
8.8высокая

CVE-2025-9900

→ есть в БДУ: BDU:2025-13921 (на русском)
Описание (на английском; русское — в БДУ выше)

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://access.redhat.com/errata/RHSA-2025:17651https://access.redhat.com/errata/RHSA-2025:17675https://access.redhat.com/errata/RHSA-2025:17710https://access.redhat.com/errata/RHSA-2025:17738https://access.redhat.com/errata/RHSA-2025:17739https://access.redhat.com/errata/RHSA-2025:17740https://access.redhat.com/errata/RHSA-2025:19113https://access.redhat.com/errata/RHSA-2025:19156