ALAS2-2025-3004


Amazon Linux 2 Security Advisory: ALAS2-2025-3004
Advisory Released Date: 2025-09-29
Advisory Updated Date: 2025-09-29
Severity: Low

Issue Overview:

A flaw has been found in LibTIFF 4.7.0. It affects the functions _TIFFmallocExt, _TIFFCheckRealloc, TIFFHashSetNew and InitCCITTFax3 in the file tools/tiffcmp.c of the tiffcmp component. Manipulation can lead to a memory leak. The attack is restricted to local execution. The exploit has been published and may be used. The patch is identified as ed141286a37f6e5ddafb5069347ff5d587e7a4e0. Applying the patch is the recommended way to resolve this issue. (CVE-2025-9165)


Affected Packages:

libtiff


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update libtiff or yum update --advisory ALAS2-2025-3004 to update your system.

New Packages:
aarch64:
    libtiff-4.0.3-35.amzn2.0.25.aarch64
    libtiff-devel-4.0.3-35.amzn2.0.25.aarch64
    libtiff-static-4.0.3-35.amzn2.0.25.aarch64
    libtiff-tools-4.0.3-35.amzn2.0.25.aarch64
    libtiff-debuginfo-4.0.3-35.amzn2.0.25.aarch64

i686:
    libtiff-4.0.3-35.amzn2.0.25.i686
    libtiff-devel-4.0.3-35.amzn2.0.25.i686
    libtiff-static-4.0.3-35.amzn2.0.25.i686
    libtiff-tools-4.0.3-35.amzn2.0.25.i686
    libtiff-debuginfo-4.0.3-35.amzn2.0.25.i686

src:
    libtiff-4.0.3-35.amzn2.0.25.src

x86_64:
    libtiff-4.0.3-35.amzn2.0.25.x86_64
    libtiff-devel-4.0.3-35.amzn2.0.25.x86_64
    libtiff-static-4.0.3-35.amzn2.0.25.x86_64
    libtiff-tools-4.0.3-35.amzn2.0.25.x86_64
    libtiff-debuginfo-4.0.3-35.amzn2.0.25.x86_64
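
To confirm that the update under Issue Correction took effect, the following added example (not part of the Amazon Linux advisory) compares installed libtiff packages with the fixed version-release from the New Packages list. The function names are hypothetical, and GNU sort -V is assumed to be an adequate stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: check libtiff packages against the fixed build in ALAS2-2025-3004.
FIXED_VR="4.0.3-35.amzn2.0.25"   # version-release from the advisory's New Packages list

# vr_at_least INSTALLED FIXED -> status 0 when INSTALLED >= FIXED.
# Assumption: GNU `sort -V` ordering stands in for RPM's comparison, which
# holds for amzn2 release strings of this shape (no epoch, no tilde).
# A plain string compare would wrongly rank "0.9" above "0.25".
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_libtiff reads "name version-release" lines on stdin, prints a verdict
# for each libtiff package and returns 1 if any is older than FIXED_VR.
check_libtiff() {
    rc=0
    while read -r name vr; do
        case "$name" in
            libtiff|libtiff-*) ;;      # libtiff and its subpackages
            *) continue ;;             # ignore unrelated packages
        esac
        if vr_at_least "$vr" "$FIXED_VR"; then
            echo "OK       $name $vr"
        else
            echo "OUTDATED $name $vr (needs >= $FIXED_VR)"
            rc=1
        fi
    done
    return $rc
}

if command -v rpm >/dev/null 2>&1; then
    # On an RPM-based host: query the installed libtiff packages.
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'libtiff*' | check_libtiff
else
    # Constructed sample input for hosts without rpm.
    printf 'libtiff 4.0.3-35.amzn2.0.25\nlibtiff-tools 4.0.3-35.amzn2.0.9\n' |
        check_libtiff
fi
```

A non-zero return from check_libtiff means at least one libtiff package still needs the update.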