CVE-2025-9900
BaseFortify

Publication date: 2025-09-23

Last updated on: 2026-04-20

Assigner: Red Hat, Inc.

Description
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Meta Information
Published: 2025-09-23
Last Modified: 2026-04-20
Generated: 2026-05-07
AI Q&A: 2025-09-23
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
redhat libtiff 4.7.0
redhat compat-libtiff3 *
redhat libtiff 4.7.1
redhat libtiff3 *
redhat libtiff *
Exploitability
CWE ID  Description
CWE-123 Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a write-what-where condition in the Libtiff library that occurs when processing a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can cause the library to write attacker-controlled color data to an arbitrary memory location, leading to memory corruption.


How can this vulnerability impact me?

The vulnerability can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user running the application.

