vulnerability

Huawei EulerOS: CVE-2025-9900: libtiff security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Jan 13, 2026	Jan 15, 2026	Jan 16, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Jan 13, 2026

Added

Jan 15, 2026

Modified

Jan 16, 2026

Description

By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

Solution

huawei-euleros-2_0_sp10-upgrade-libtiff

References

CVE-2025-9900
https://attackerkb.com/topics/CVE-2025-9900
CWE-123
EULEROS-EulerOS-SA-2026-1053

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today