Skip to content

Commit 41326fd

Browse files
azurelinux-securityazurelinux-security
authored
[AutoPR- Security] Patch libtiff for CVE-2025-8961 [LOW] (#15176)
1 parent fb369e4 commit 41326fd

2 files changed

Lines changed: 80 additions & 1 deletion

File tree

SPECS/libtiff/CVE-2025-8961.patch

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
From 6c5b21599783ee9baab4a3ec0b90d215df9987b3 Mon Sep 17 00:00:00 2001
2+
From: Lee Howard <faxguy@howardsilvan.com>
3+
Date: Fri, 5 Sep 2025 21:42:35 +0000
4+
Subject: [PATCH] tiffcrop: fix double-free and memory leak exposed by issue
5+
#721
6+
7+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
8+
Upstream-reference: https://gitlab.com/libtiff/libtiff/-/commit/0ac97aa7a5bffddd88f7cdbe517264e9db3f5bd5.patch
9+
---
10+
archive/tools/tiffcrop.c | 8 +++++++-
11+
1 file changed, 7 insertions(+), 1 deletion(-)
12+
13+
diff --git a/archive/tools/tiffcrop.c b/archive/tools/tiffcrop.c
14+
index 93f0779..adfd0d2 100644
15+
--- a/archive/tools/tiffcrop.c
16+
+++ b/archive/tools/tiffcrop.c
17+
@@ -1072,6 +1072,7 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
18+
"Unable to extract row %" PRIu32
19+
" from tile %" PRIu32,
20+
row, TIFFCurrentTile(in));
21+
+ _TIFFfree(tilebuf);
22+
return 1;
23+
}
24+
break;
25+
@@ -1086,6 +1087,7 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
26+
"Unable to extract row %" PRIu32
27+
" from tile %" PRIu32,
28+
row, TIFFCurrentTile(in));
29+
+ _TIFFfree(tilebuf);
30+
return 1;
31+
}
32+
break;
33+
@@ -1098,6 +1100,7 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
34+
"Unable to extract row %" PRIu32
35+
" from tile %" PRIu32,
36+
row, TIFFCurrentTile(in));
37+
+ _TIFFfree(tilebuf);
38+
return 1;
39+
}
40+
break;
41+
@@ -1110,6 +1113,7 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
42+
"Unable to extract row %" PRIu32
43+
" from tile %" PRIu32,
44+
row, TIFFCurrentTile(in));
45+
+ _TIFFfree(tilebuf);
46+
return 1;
47+
}
48+
break;
49+
@@ -1124,12 +1128,14 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
50+
"Unable to extract row %" PRIu32
51+
" from tile %" PRIu32,
52+
row, TIFFCurrentTile(in));
53+
+ _TIFFfree(tilebuf);
54+
return 1;
55+
}
56+
break;
57+
default:
58+
TIFFError("readContigTilesIntoBuffer",
59+
"Unsupported bit depth %" PRIu16, bps);
60+
+ _TIFFfree(tilebuf);
61+
return 1;
62+
}
63+
}
64+
@@ -2898,7 +2904,7 @@ int main(int argc, char *argv[])
65+
}
66+
67+
/* If we did not use the read buffer as the crop buffer */
68+
- if (read_buff)
69+
+ if (read_buff && read_buff != crop_buff)
70+
_TIFFfree(read_buff);
71+
72+
if (crop_buff)
73+
--
74+
2.45.4
75+

SPECS/libtiff/libtiff.spec

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
Summary: TIFF libraries and associated utilities.
22
Name: libtiff
33
Version: 4.6.0
4-
Release: 10%{?dist}
4+
Release: 11%{?dist}
55
License: libtiff
66
Vendor: Microsoft Corporation
77
Distribution: Azure Linux
@@ -20,6 +20,7 @@ Patch8: CVE-2025-8851.patch
2020
Patch9: CVE-2025-9165.patch
2121
Patch10: CVE-2025-9900.patch
2222
Patch11: CVE-2024-13978.patch
23+
Patch12: CVE-2025-8961.patch
2324

2425
BuildRequires: autoconf
2526
BuildRequires: automake
@@ -76,6 +77,9 @@ make %{?_smp_mflags} -k check
7677
%exclude %{_docdir}/tiff-%{version}/LICENSE.md
7778

7879
%changelog
80+
* Thu Nov 27 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 4.6.0-11
81+
- Patch for CVE-2025-8961
82+
7983
* Mon Sep 29 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 4.6.0-10
8084
- Patch for CVE-2024-13978
8185

0 commit comments

Comments
 (0)