Issued:: 2025-11-06
Updated:: 2025-11-06

RHSA-2025:19906 - Security Advisory

Overview
Updated Packages

Synopsis

Important: mingw-libtiff security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mingw-libtiff is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files.

Security Fix(es):

libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)
libtiff: Libtiff Write-What-Where (CVE-2025-9900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat CodeReady Linux Builder for x86_64 8 x86_64

Fixes

BZ - 2383598 - CVE-2025-8176 libtiff: LibTIFF Use-After-Free Vulnerability
BZ - 2392784 - CVE-2025-9900 libtiff: Libtiff Write-What-Where

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
mingw-libtiff-4.0.9-3.el8_10.src.rpm	SHA-256: e4c262afaf37ce07746ee18ff38b19f4ccbc010f8e098da96c32046c3d79ee74
x86_64
mingw32-libtiff-4.0.9-3.el8_10.noarch.rpm	SHA-256: 35340f418817a813fb93ffa22b9fdaafb494fe8dfe766a912363683f490148dd
mingw32-libtiff-debuginfo-4.0.9-3.el8_10.noarch.rpm	SHA-256: de0def003e8f673336315a8d2d82e9e105e9fc3f7710c98d8d58584d21c979bb
mingw32-libtiff-static-4.0.9-3.el8_10.noarch.rpm	SHA-256: ca1627d6c30a11d02564f531c599a61a75271f1ae5cbab013ca09a8c79a442b2
mingw64-libtiff-4.0.9-3.el8_10.noarch.rpm	SHA-256: e286e17547df10a72bbdcec7687f2fa496b9dc8314065d2795a87f022e0c0ce1
mingw64-libtiff-debuginfo-4.0.9-3.el8_10.noarch.rpm	SHA-256: 6a6f5acc6af849e27e7b76d48c1eb64924cc303dcfaca60d0928050f96712d24
mingw64-libtiff-static-4.0.9-3.el8_10.noarch.rpm	SHA-256: 76474a53c6c8fd294132312012cfeeb6c0b14c63e5c6a0ee2d3837c278dff5ae

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation