CVE-2025-9900
Detail
Not Scheduled This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Description
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
NVD assessment
not yet provided.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
URL
Source(s)
Tag(s)
http://www.openwall.com/lists/oss-security/2025/09/26/3
CVE
https://access.redhat.com/errata/RHSA-2025:17651
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:17675
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:17710
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:17738
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:17739
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:17740
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:19113
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:19156
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:19276
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:19906
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:19947
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:20956
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:20998
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:21060
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:21061
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:21062
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:21407
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:21506
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:21507
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:21508
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:21994
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:23078
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:23079
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2025:23080
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2026:0001
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2026:0076
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2026:0077
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2026:0078
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2026:3461
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2026:3462
Red Hat, Inc.
https://access.redhat.com/errata/RHSA-2026:7504
Red Hat, Inc.
https://access.redhat.com/security/cve/CVE-2025-9900
Red Hat, Inc.
https://bugzilla.redhat.com/show_bug.cgi?id=2392784
Red Hat, Inc.
https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file
CISA-ADP, Inc., Red Hat
https://gitlab.com/libtiff/libtiff/-/issues/704
Red Hat, Inc.
https://gitlab.com/libtiff/libtiff/-/merge_requests/732
Red Hat, Inc.
https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html
Red Hat, Inc.
https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html
CVE
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-123
Write-what-where Condition
Red Hat, Inc.
Change History
26 change records found show changes
CVE Modified by Red Hat, Inc. 4/20/2026 6:16:22 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:7504
CVE Modified by Red Hat, Inc. 2/27/2026 11:16:22 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:3461
Added
Reference
https://access.redhat.com/errata/RHSA-2026:3462
CVE Modified by Red Hat, Inc. 1/06/2026 2:15:43 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:0076
Added
Reference
https://access.redhat.com/errata/RHSA-2026:0077
CVE Modified by Red Hat, Inc. 1/05/2026 1:15:44 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:0078
CVE Modified by Red Hat, Inc. 1/04/2026 11:15:42 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2026:0001
CVE Modified by Red Hat, Inc. 12/10/2025 2:16:35 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:23078
Added
Reference
https://access.redhat.com/errata/RHSA-2025:23079
Added
Reference
https://access.redhat.com/errata/RHSA-2025:23080
CVE Modified by Red Hat, Inc. 11/24/2025 4:16:05 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:21994
CVE Modified by Red Hat, Inc. 11/17/2025 10:15:52 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:21506
Added
Reference
https://access.redhat.com/errata/RHSA-2025:21507
Added
Reference
https://access.redhat.com/errata/RHSA-2025:21508
CVE Modified by Red Hat, Inc. 11/16/2025 9:15:43 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:21407
CVE Modified by Red Hat, Inc. 11/12/2025 4:15:42 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:21060
CVE Modified by Red Hat, Inc. 11/11/2025 10:15:44 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:21061
Added
Reference
https://access.redhat.com/errata/RHSA-2025:21062
CVE Modified by Red Hat, Inc. 11/11/2025 3:15:35 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:20998
CVE Modified by Red Hat, Inc. 11/11/2025 11:15:41 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:20956
CVE Modified by Red Hat, Inc. 11/09/2025 10:15:43 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:19947
CVE Modified by Red Hat, Inc. 11/07/2025 5:15:39 PM
Action
Type
Old Value
New Value
Added
Reference
https://gitlab.com/libtiff/libtiff/-/issues/704
Added
Reference
https://gitlab.com/libtiff/libtiff/-/merge_requests/732
Added
Reference
https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html
CVE Modified by Red Hat, Inc. 11/06/2025 5:15:45 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:19906
CVE Modified by CVE 11/04/2025 5:16:46 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.openwall.com/lists/oss-security/2025/09/26/3
CVE Modified by CVE 11/03/2025 2:16:17 PM
Action
Type
Old Value
New Value
Added
Reference
https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html
CVE Modified by Red Hat, Inc. 10/29/2025 9:16:04 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:19276
CVE Modified by Red Hat, Inc. 10/28/2025 8:15:43 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:19156
CVE Modified by Red Hat, Inc. 10/27/2025 9:16:12 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:19113
CVE Modified by Red Hat, Inc. 10/12/2025 10:15:34 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:17738
Added
Reference
https://access.redhat.com/errata/RHSA-2025:17739
Added
Reference
https://access.redhat.com/errata/RHSA-2025:17740
CVE Modified by Red Hat, Inc. 10/09/2025 7:15:33 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:17710
CVE Modified by Red Hat, Inc. 10/09/2025 8:15:36 AM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2025:17651
Added
Reference
https://access.redhat.com/errata/RHSA-2025:17675
CVE Modified by CISA-ADP 9/23/2025 3:15:42 PM
Action
Type
Old Value
New Value
Added
Reference
https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file
New CVE Received from Red Hat, Inc. 9/23/2025 1:15:38 PM
Action
Type
Old Value
New Value
Added
Description
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Added
CVSS V3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Added
CWE
CWE-123
Added
Reference
https://access.redhat.com/security/cve/CVE-2025-9900
Added
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=2392784
Added
Reference
https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file
Quick Info
CVE Dictionary Entry: CVE-2025-9900 NVD
Published Date: 09/23/2025 NVD
Last Modified: 04/20/2026
Source: Red Hat, Inc.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
