An update for libtiff is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1442 Final 1.0 1.0 2026-02-28 Initial 2026-02-28 2026-02-28 openEuler SA Tool V1.0 2026-02-28 libtiff security update An update for libtiff is now available for openEuler-22.03-LTS-SP4 This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library. Security Fix(es): A NULL pointer dereference vulnerability (CWE-476) exists in the component libtiff/tif_open.c of libtiff up to version 4.7.1. When the application dereferences a pointer that it expects to be valid but is actually NULL, it can cause a crash or exit, affecting service availability.(CVE-2025-61143) A critical vulnerability was found in libtiff up to version 4.7.1 (Image Processing Software). The issue is classified as CWE-121 Stack-based Buffer Overflow. A stack-based buffer overflow condition occurs when the buffer being overwritten is allocated on the stack (i.e., is a local variable or function parameter). This vulnerability impacts confidentiality, integrity, and availability.(CVE-2025-61144) libtiff is a library for reading and writing TIFF (Tagged Image File Format) files. A double free vulnerability (CWE-415) exists in the `tools/tiffcrop.c` component of libtiff versions up to and including 4.7.1. The vulnerability stems from the program calling the `free()` function twice on the same memory address. An attacker could potentially exploit this to modify unexpected memory locations, impacting the confidentiality, integrity, and availability of the system, potentially leading to application crashes or arbitrary code execution.(CVE-2025-61145) An update for libtiff is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libtiff https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1442 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61143 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61144 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61145 https://nvd.nist.gov/vuln/detail/CVE-2025-61143 https://nvd.nist.gov/vuln/detail/CVE-2025-61144 https://nvd.nist.gov/vuln/detail/CVE-2025-61145 openEuler-22.03-LTS-SP4 libtiff-4.3.0-48.oe2203sp4.aarch64.rpm libtiff-debuginfo-4.3.0-48.oe2203sp4.aarch64.rpm libtiff-debugsource-4.3.0-48.oe2203sp4.aarch64.rpm libtiff-devel-4.3.0-48.oe2203sp4.aarch64.rpm libtiff-static-4.3.0-48.oe2203sp4.aarch64.rpm libtiff-tools-4.3.0-48.oe2203sp4.aarch64.rpm libtiff-4.3.0-48.oe2203sp4.src.rpm libtiff-4.3.0-48.oe2203sp4.x86_64.rpm libtiff-debuginfo-4.3.0-48.oe2203sp4.x86_64.rpm libtiff-debugsource-4.3.0-48.oe2203sp4.x86_64.rpm libtiff-devel-4.3.0-48.oe2203sp4.x86_64.rpm libtiff-static-4.3.0-48.oe2203sp4.x86_64.rpm libtiff-tools-4.3.0-48.oe2203sp4.x86_64.rpm libtiff-help-4.3.0-48.oe2203sp4.noarch.rpm A NULL pointer dereference vulnerability (CWE-476) exists in the component libtiff/tif_open.c of libtiff up to version 4.7.1. When the application dereferences a pointer that it expects to be valid but is actually NULL, it can cause a crash or exit, affecting service availability. 2026-02-28 CVE-2025-61143 openEuler-22.03-LTS-SP4 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H libtiff security update 2026-02-28 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1442 A critical vulnerability was found in libtiff up to version 4.7.1 (Image Processing Software). The issue is classified as CWE-121 Stack-based Buffer Overflow. A stack-based buffer overflow condition occurs when the buffer being overwritten is allocated on the stack (i.e., is a local variable or function parameter). This vulnerability impacts confidentiality, integrity, and availability. 2026-02-28 CVE-2025-61144 openEuler-22.03-LTS-SP4 High 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H libtiff security update 2026-02-28 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1442 libtiff is a library for reading and writing TIFF (Tagged Image File Format) files. A double free vulnerability (CWE-415) exists in the `tools/tiffcrop.c` component of libtiff versions up to and including 4.7.1. The vulnerability stems from the program calling the `free()` function twice on the same memory address. An attacker could potentially exploit this to modify unexpected memory locations, impacting the confidentiality, integrity, and availability of the system, potentially leading to application crashes or arbitrary code execution. 2026-02-28 CVE-2025-61145 openEuler-22.03-LTS-SP4 Medium 5.0 AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H libtiff security update 2026-02-28 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1442