Skip to main content
Skip table of contents

ISN 2025-45 LibTiff Vulnerability

First published 14 October 2025

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in LibTiff, an image processing library used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

LibTiff suffers from a write-what-where condition that can be triggered by processing a specially crafted TIFF image file. This means that an attacker could write outside of bounds, execute arbitrary code, or crash the application. This is tracked as CVE-2025-9900 and rated high.

Update Instructions

  • OS 12: Update to the OS 12 base system app in version 12.7.4 or newer when available from the IGEL App Portal.

  • OS 11: Update to IGEL OS version 11.11.100 when available.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close