From: Peter Korsgaard <peter@korsgaard.com>
To: Thomas Perale via buildroot <buildroot@buildroot.org>
Cc: Thomas Perale <thomas.perale@mind.be>
Subject: Re: [Buildroot] [PATCH 1/2] package/tiff: add patch to fix CVE-2025-8176
Date: Fri, 08 Aug 2025 16:37:23 +0200 [thread overview]
Message-ID: <87sei1q3q4.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20250806202029.625736-1-thomas.perale@mind.be> (Thomas Perale via buildroot's message of "Wed, 6 Aug 2025 22:20:28 +0200")
>>>>> "Thomas" == Thomas Perale via buildroot <buildroot@buildroot.org> writes:
> Fix the following vulnerability:
> - CVE-2025-8176
> A vulnerability was found in LibTIFF up to 4.7.0. It has been declared
> as critical. This vulnerability affects the function get_histogram of
> the file tools/tiffmedian.c. The manipulation leads to use after free.
> The attack needs to be approached locally. The exploit has been
> disclosed to the public and may be used. The patch is identified as
> fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a
> patch to fix this issue.
> For more information, see:
> - https://www.cve.org/CVERecord?id=CVE-2025-8176
> - https://gitlab.com/libtiff/libtiff/-/merge_requests/727
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
> ---
> v1 -> v2: split the CVE-2025-8176 fix into multiple patches
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2025-08-08 14:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-06 20:20 [Buildroot] [PATCH 1/2] package/tiff: add patch to fix CVE-2025-8176 Thomas Perale via buildroot
2025-08-06 20:20 ` [Buildroot] [PATCH 2/2] package/tiff: add patch to fix CVE-2025-8177 Thomas Perale via buildroot
2025-08-08 14:37 ` Peter Korsgaard
2025-08-08 14:37 ` Peter Korsgaard [this message]
2025-08-14 20:32 ` [Buildroot] [PATCH 1/2] package/tiff: add patch to fix CVE-2025-8176 Thomas Perale via buildroot
-- strict thread matches above, loose matches on Subject: below --
2025-08-06 19:31 Thomas Perale via buildroot
2025-08-06 19:55 ` Peter Korsgaard
2025-08-06 20:24 ` Thomas Perale via buildroot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sei1q3q4.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
--cc=thomas.perale@mind.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.