{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T02:50:16.215","vulnerabilities":[{"cve":{"id":"CVE-2025-9900","sourceIdentifier":"secalert@redhat.com","published":"2025-09-23T17:15:38.357","lastModified":"2026-04-20T22:16:22.580","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-123"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:17651","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17675","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17710","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17738","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17739","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17740","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19113","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19156","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19276","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19906","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19947","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:20956","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:20998","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21060","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21061","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21062","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21407","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21506","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21507","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21508","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21994","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23078","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23079","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23080","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0001","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0076","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0077","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0078","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:3461","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:3462","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7504","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-9900","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392784","source":"secalert@redhat.com"},{"url":"https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file","source":"secalert@redhat.com"},{"url":"https://gitlab.com/libtiff/libtiff/-/issues/704","source":"secalert@redhat.com"},{"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/732","source":"secalert@redhat.com"},{"url":"https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2025/09/26/3","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}