CVE-2025-9900: Libtiff: libtiff write-what-where
Published Sep 3, 2025
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
Affected Software
4 affected components · Fixes available
LibTIFF libtiff
debian/tiff <=4.2.0-1+deb11u5, <=4.5.0-6+deb12u2, <=4.5.0-6+deb12u1, <=4.7.0-3
Fixes available: 4.2.0-1+deb11u7, 4.7.1-1
Microsoft cbl2 libtiff 4.6.0-8
Microsoft azl3 libtiff 4.6.0-8
Event History
Sep 3, 2025
Data Sourced
via Red Hat · 03:01 AM
Description, Severity, Affected Software
Sep 23, 2025
CVE Published
via MITRE · 04:26 PM
Data Sourced
via MITRE · 04:26 PM
Description, Severity, Weakness
Data Sourced
via NVD · 05:15 PM
Description, Severity, Weakness
Sep 26, 2025
Data Sourced
via Launchpad · 11:12 AM
Description
Sep 27, 2025
Data Sourced
via Microsoft · 01:03 AM
Description, Severity, Weakness
Data Sourced
via Microsoft · 01:03 AM
Affected Software
Updated
via Microsoft · 01:03 AM
Description, Severity
Sep 30, 2025
Data Sourced
via Debian · 11:11 AM
Description, Affected Software
Data Sourced
via Ubuntu · 11:11 AM
Remedy, Description, Severity, Affected Software
Jan 30, 2026
Data Sourced
via IBM · 12:00 AM
Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-9900?
CVE-2025-9900 is classified as a critical vulnerability due to its potential to allow arbitrary code execution.
2. How do I fix CVE-2025-9900?
To fix CVE-2025-9900, update to Libtiff version 4.2.0-1+deb11u7 or 4.7.1-1.
3. What software is affected by CVE-2025-9900?
CVE-2025-9900 affects the Libtiff library, specifically versions prior to 4.2.0-1+deb11u7 and 4.7.1-1.
4. What type of vulnerability is CVE-2025-9900?
CVE-2025-9900 is a write-what-where condition that occurs when processing specially crafted TIFF image files.
5. Can CVE-2025-9900 be exploited remotely?
Yes, CVE-2025-9900 can be exploited remotely through malicious TIFF files.