PT-2025-39179 · Libtiff+10

Published: 2025-01-01 · Updated: 2026-05-28 · CVE-2025-9900

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: LibTIFF versions prior to 4.7.0; LibTIFF version 4.7.0
Description: A flaw in LibTIFF results in a "write-what-where" condition when the library processes a specially crafted TIFF image file. An attacker can supply an abnormally large image height value in the file's metadata, which causes the library to write attacker-controlled color data to an arbitrary memory location. This memory corruption can lead to a denial of service (application crash) or potentially to arbitrary code execution with the permissions of the user running the application. The issue is present when TIFFReadRGBAImage or TIFFReadRGBAImageOriented is called with a height smaller than the actual TIFF image height.
Recommendations: For versions prior to 4.7.0, update to version 4.7.0 or later. For version 4.7.0, ensure that the image height passed to TIFFReadRGBAImage or TIFFReadRGBAImageOriented matches the actual TIFF image height to prevent potential exploitation.
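An added example (not LibTIFF's code or the advisory's) of the check the recommendation calls for: read the file's own ImageWidth and ImageLength from its first IFD and refuse to hand TIFFReadRGBAImage(Oriented) a buffer whose height differs. The parser, the `rgba_request_is_safe` check and the `make_tiff` helper are assumptions of this example; the input it builds is constructed test data, not a real file.

```python
import struct
# Tag numbers and field types from the TIFF 6.0 specification.
TAG_IMAGE_WIDTH, TAG_IMAGE_LENGTH = 256, 257
TYPE_SHORT, TYPE_LONG = 3, 4


def read_tiff_dimensions(data: bytes):
    """Parse the first IFD of a classic TIFF and return (width, height).
    Only the two dimension tags are read; both are expected inline (count == 1)."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a classic TIFF file")
    e = "<" if data[:2] == b"II" else ">"          # byte order marker
    magic, ifd_off = struct.unpack_from(e + "HI", data, 2)
    if magic != 42 or ifd_off + 2 > len(data):
        raise ValueError("bad TIFF magic or IFD offset outside file")
    (count,) = struct.unpack_from(e + "H", data, ifd_off)
    dims = {}
    for i in range(count):
        off = ifd_off + 2 + 12 * i                 # each IFD entry is 12 bytes
        if off + 12 > len(data):
            raise ValueError("IFD entry outside file")
        tag, typ, n = struct.unpack_from(e + "HHI", data, off)
        if tag not in (TAG_IMAGE_WIDTH, TAG_IMAGE_LENGTH) or n != 1:
            continue
        if typ == TYPE_SHORT:                      # SHORT sits in the first 2 value bytes
            (val,) = struct.unpack_from(e + "H", data, off + 8)
        elif typ == TYPE_LONG:
            (val,) = struct.unpack_from(e + "I", data, off + 8)
        else:
            raise ValueError("unexpected field type for a dimension tag")
        dims[tag] = val
    if len(dims) != 2:
        raise ValueError("ImageWidth or ImageLength tag missing")
    return dims[TAG_IMAGE_WIDTH], dims[TAG_IMAGE_LENGTH]


def rgba_request_is_safe(data: bytes, width: int, height: int) -> bool:
    """The advisory's recommended check: the buffer dimensions a caller would
    hand to TIFFReadRGBAImage(Oriented) must equal the file's own dimensions."""
    return (width, height) == read_tiff_dimensions(data)


def make_tiff(width: int, height: int, big_endian: bool = False) -> bytes:
    """Constructed test input: a minimal TIFF header plus one IFD, no pixel data."""
    e = ">" if big_endian else "<"
    ifd = struct.pack(e + "H", 2)
    ifd += struct.pack(e + "HHII", TAG_IMAGE_WIDTH, TYPE_LONG, 1, width)
    ifd += struct.pack(e + "HHII", TAG_IMAGE_LENGTH, TYPE_LONG, 1, height)
    ifd += struct.pack(e + "I", 0)                 # no next IFD
    return (b"MM" if big_endian else b"II") + struct.pack(e + "HI", 42, 8) + ifd
```

A caller that sizes its RGBA buffer from a hard-coded or user-supplied height should run this comparison first and refuse the file on mismatch rather than clamp the value.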

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:17675
ALSA-2025:19113
ALSA-2025:19156
ALSA-2025:19276
ALSA-2025:19906
ALSA-2025:20956
ALSA-2025:20998
ALT-PU-2025-11954
ALT-PU-2025-12863
ALT-PU-2025-12867
ALT-PU-2025-13034
AZL-67722
AZL-67739
AZL-67794
AZL-67803
BDU:2025-13921
CESA-2025_17675
CESA-2025_19276
CESA-2025_19906
CVE-2025-9900
DLA-4315-1
DSA-6023-1
ECHO-0EC2-A434-C824
INFSA-2025_17675
INFSA-2025_19113
INFSA-2025_19276
INFSA-2025_19906
INFSA-2025_20956
MGASA-2025-0252
OESA-2025-2400
OESA-2025-2401
OESA-2025-2402
OESA-2025-2403
OESA-2025-2404
OESA-2025-2405
OPENSUSE-SU-2025:15635-1
OPENSUSE-SU-2025:20049-1
RHSA-2025:17651
RHSA-2025:17675
RHSA-2025:17710
RHSA-2025:17738
RHSA-2025:17739
RHSA-2025:17740
RHSA-2025:19113
RHSA-2025:19156
RHSA-2025:19276
RHSA-2025:19906
RHSA-2025:19947
RHSA-2025:20956
RHSA-2025:20998
RHSA-2025:21060
RHSA-2025:21061
RHSA-2025:21062
RHSA-2025:21506
RHSA-2025_17675
RHSA-2025_19113
RHSA-2025_19276
RHSA-2025_19906
RHSA-2025_20956
RHSA-2026:0001
RHSA-2026:0076
RHSA-2026:0077
RHSA-2026:0078
RHSA-2026:7504
SUSE-SU-2025:20971-1
SUSE-SU-2025:21009-1
SUSE-SU-2025:21032-1
SUSE-SU-2025:21037-1
SUSE-SU-2025:3941-1
SUSE-SU-2025:3957-1
SUSE-SU-2025:3961-1
SUSE-SU-2025_3941-1
SUSE-SU-2025_3961-1
USN-7783-1
USN-8345-1
USN-8346-1
USN-8347-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Libtiff
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu