2389574 – (CVE-2025-9165) CVE-2025-9165 libtiff: LibTIFF memory leak

Bug 2389574 (CVE-2025-9165) - CVE-2025-9165 libtiff: LibTIFF memory leak

Summary: CVE-2025-9165 libtiff: LibTIFF memory leak

Keywords:
Status:	NEW
Alias:	CVE-2025-9165
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2389602 2389603 2389605 2389606 2389607 2389609 2389610 2389604 2389608
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-19 21:01 UTC by OSIDB Bzimport
Modified:	2025-08-20 14:08 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-19 21:01:22 UTC

A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue.

Note You need to log in before you can comment on or make changes to this bug.