Amazon Linux 2023 Security Advisory: ALAS2023-2025-1176
Advisory Released Date: 2025-09-15
Advisory Updated Date: 2025-09-15
Severity:
Low
Issue Overview:
A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. (CVE-2025-9165)
Affected Packages:
libtiff
Issue Correction:
Run dnf update libtiff --releasever 2023.8.20250915 or dnf update --advisory ALAS2023-2025-1176 --releasever 2023.8.20250915 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
libtiff-static-4.4.0-4.amzn2023.0.22.aarch64
libtiff-tools-4.4.0-4.amzn2023.0.22.aarch64
libtiff-debugsource-4.4.0-4.amzn2023.0.22.aarch64
libtiff-debuginfo-4.4.0-4.amzn2023.0.22.aarch64
libtiff-4.4.0-4.amzn2023.0.22.aarch64
libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.22.aarch64
libtiff-devel-4.4.0-4.amzn2023.0.22.aarch64
src:
libtiff-4.4.0-4.amzn2023.0.22.src
x86_64:
libtiff-debugsource-4.4.0-4.amzn2023.0.22.x86_64
libtiff-4.4.0-4.amzn2023.0.22.x86_64
libtiff-debuginfo-4.4.0-4.amzn2023.0.22.x86_64
libtiff-static-4.4.0-4.amzn2023.0.22.x86_64
libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.22.x86_64
libtiff-tools-4.4.0-4.amzn2023.0.22.x86_64
libtiff-devel-4.4.0-4.amzn2023.0.22.x86_64