Amazon Linux 2023 Security Advisory: ALAS2023-2025-1164
Advisory Released Date: 2025-09-08
Advisory Updated Date: 2025-09-08
Severity:
Medium
Issue Overview:
A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. (CVE-2025-8851)
Affected Packages:
libtiff
Issue Correction:
Run dnf update libtiff --releasever 2023.8.20250908 or dnf update --advisory ALAS2023-2025-1164 --releasever 2023.8.20250908 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
libtiff-static-4.4.0-4.amzn2023.0.21.aarch64
libtiff-debuginfo-4.4.0-4.amzn2023.0.21.aarch64
libtiff-tools-4.4.0-4.amzn2023.0.21.aarch64
libtiff-debugsource-4.4.0-4.amzn2023.0.21.aarch64
libtiff-4.4.0-4.amzn2023.0.21.aarch64
libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.21.aarch64
libtiff-devel-4.4.0-4.amzn2023.0.21.aarch64
src:
libtiff-4.4.0-4.amzn2023.0.21.src
x86_64:
libtiff-debugsource-4.4.0-4.amzn2023.0.21.x86_64
libtiff-debuginfo-4.4.0-4.amzn2023.0.21.x86_64
libtiff-tools-4.4.0-4.amzn2023.0.21.x86_64
libtiff-static-4.4.0-4.amzn2023.0.21.x86_64
libtiff-4.4.0-4.amzn2023.0.21.x86_64
libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.21.x86_64
libtiff-devel-4.4.0-4.amzn2023.0.21.x86_64