vulnerability

Huawei EulerOS: CVE-2025-9900: libtiff security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Nov 11, 2025	Dec 12, 2025	Dec 15, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Nov 11, 2025

Added

Dec 12, 2025

Modified

Dec 15, 2025

Description

By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

Solution

huawei-euleros-2_0_sp11-upgrade-libtiff

References

CVE-2025-9900
https://attackerkb.com/topics/CVE-2025-9900
CWE-123
EULEROS-EulerOS-SA-2025-2485

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today