[kirkstone,06/24] tiff: Fix CVE-2025-9165

Message ID	08823f96a400055e5924bae3af0d2dfaf488148b.1760038088.git.steve@sakoman.com
State	New
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.182, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/24] tiff: Fix CVE-2025-9165 Date: Thu, 9 Oct 2025 12:30:50 -0700 Message-ID: <08823f96a400055e5924bae3af0d2dfaf488148b.1760038088.git.steve@sakoman.com> In-Reply-To: <cover.1760038088.git.steve@sakoman.com> References: <cover.1760038088.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/24] libxml2: fix CVE-2025-9714 \| expand [kirkstone,01/24] libxml2: fix CVE-2025-9714 [kirkstone,02/24] gstreamer1.0-plugins-bad: Fix CVE-2025-3887 [kirkstone,03/24] busybox: patch CVE-2025-46394 [kirkstone,04/24] libxslt: Patch for CVE-2025-7424 [kirkstone,05/24] tiff: Fix CVE-2025-8961 [kirkstone,06/24] tiff: Fix CVE-2025-9165 [kirkstone,07/24] gstreamer1.0: ignore CVEs fixed in plugins [kirkstone,08/24] gstreamer1.0: ignore CVE-2025-2759 [kirkstone,09/24] grub: ignore CVE-2024-2312 [kirkstone,10/24] ghostscript: patch CVE-2025-59798 [kirkstone,11/24] ghostscript: patch CVE-2025-59799 [kirkstone,12/24] ghostscript: patch CVE-2025-59800 [kirkstone,13/24] pulseaudio: ignore CVE-2024-11586 [kirkstone,14/24] ffmpeg: ignore CVE-2023-6603 [kirkstone,15/24] ffmpeg: mark CVE-2023-6601 as patched [kirkstone,16/24] go: fix CVE-2025-47906 [kirkstone,17/24] scripts/install-buildtools: Update to 4.0.30 [kirkstone,18/24] openssl: upgrade 3.0.17 -> 3.0.18 [kirkstone,19/24] glibc: stable 2.35 branch updates [kirkstone,20/24] systemd: backport fix for handle USE_NLS from master [kirkstone,21/24] p11-kit: backport fix for handle USE_NLS from master [kirkstone,22/24] conf/bitbake.conf: use gnu mirror instead of main server [kirkstone,23/24] selftest/cases/meta_ide.py: use use gnu mirror instead of main server [kirkstone,24/24] oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server

Message ID

08823f96a400055e5924bae3af0d2dfaf488148b.1760038088.git.steve@sakoman.com

State

New

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/24] tiff: Fix CVE-2025-9165
Date: Thu,  9 Oct 2025 12:30:50 -0700
Message-ID: 
 <08823f96a400055e5924bae3af0d2dfaf488148b.1760038088.git.steve@sakoman.com>
In-Reply-To: <cover.1760038088.git.steve@sakoman.com>
References: <cover.1760038088.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/24] libxml2: fix CVE-2025-9714 | expand

Commit Message

Steve Sakoman Oct. 9, 2025, 7:30 p.m. UTC

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Commit: https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtiff/tiff/CVE-2025-9165.patch          | 32 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9165.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-9165.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-9165.patch
new file mode 100644
index 0000000000..3694b11c67
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-9165.patch
@@ -0,0 +1,32 @@ 
+From ed141286a37f6e5ddafb5069347ff5d587e7a4e0 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 8 Aug 2025 21:35:30 +0200
+Subject: [PATCH] tiffcmp: fix memory leak when second file cannot be opened.
+
+Closes #728, #729
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0]
+CVE: CVE-2025-9165
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tools/tiffcmp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tools/tiffcmp.c b/tools/tiffcmp.c
+index 2a35fe6..f812c7d 100644
+--- a/tools/tiffcmp.c
++++ b/tools/tiffcmp.c
+@@ -103,7 +103,10 @@ main(int argc, char* argv[])
+ 		return (2);
+ 	tif2 = TIFFOpen(argv[optind+1], "r");
+ 	if (tif2 == NULL)
++	{
++		TIFFClose(tif1);
+ 		return (2);
++	}
+ 	dirnum = 0;
+ 	while (tiffcmp(tif1, tif2)) {
+ 		if (!TIFFReadDirectory(tif1)) {
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 2ee6cdef73..84c3028b45 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -64,6 +64,7 @@  SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2025-8851.patch \
            file://CVE-2025-9900.patch \
            file://CVE-2025-8961.patch \
+           file://CVE-2025-9165.patch \
            "
 
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"

[kirkstone,06/24] tiff: Fix CVE-2025-9165

Commit Message

Patch