From: Peter Korsgaard <peter@korsgaard.com>
To: Thomas Perale via buildroot <buildroot@buildroot.org>
Cc: Thomas Perale <thomas.perale@mind.be>
Subject: Re: [Buildroot] [PATCH 1/2] package/tiff: add patch to fix CVE-2025-8176
Date: Fri, 08 Aug 2025 16:37:23 +0200 [thread overview]
Message-ID: <87sei1q3q4.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20250806202029.625736-1-thomas.perale@mind.be> (Thomas Perale via buildroot's message of "Wed, 6 Aug 2025 22:20:28 +0200")
>>>>> "Thomas" == Thomas Perale via buildroot <buildroot@buildroot.org> writes:
> Fix the following vulnerability:
> - CVE-2025-8176
> A vulnerability was found in LibTIFF up to 4.7.0. It has been declared
> as critical. This vulnerability affects the function get_histogram of
> the file tools/tiffmedian.c. The manipulation leads to use after free.
> The attack needs to be approached locally. The exploit has been
> disclosed to the public and may be used. The patch is identified as
> fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a
> patch to fix this issue.
> For more information, see:
> - https://www.cve.org/CVERecord?id=CVE-2025-8176
> - https://gitlab.com/libtiff/libtiff/-/merge_requests/727
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
> ---
> v1 -> v2: split the CVE-2025-8176 fix into multiple patches
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2025-08-08 14:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-06 20:20 [Buildroot] [PATCH 1/2] package/tiff: add patch to fix CVE-2025-8176 Thomas Perale via buildroot
2025-08-06 20:20 ` [Buildroot] [PATCH 2/2] package/tiff: add patch to fix CVE-2025-8177 Thomas Perale via buildroot
2025-08-08 14:37 ` Peter Korsgaard
2025-08-08 14:37 ` Peter Korsgaard [this message]
2025-08-14 20:32 ` [Buildroot] [PATCH 1/2] package/tiff: add patch to fix CVE-2025-8176 Thomas Perale via buildroot
-- strict thread matches above, loose matches on Subject: below --
2025-08-06 19:31 Thomas Perale via buildroot
2025-08-06 19:55 ` Peter Korsgaard
2025-08-06 20:24 ` Thomas Perale via buildroot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sei1q3q4.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
--cc=thomas.perale@mind.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox