{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"libtiff security update", "category":"general", "title":"Synopsis" }, { "text":"An update for libtiff is now available for openEuler-20.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.\n\nSecurity Fix(es):\n\nA NULL pointer dereference vulnerability (CWE-476) exists in the component libtiff/tif_open.c of libtiff up to version 4.7.1. When the application dereferences a pointer that it expects to be valid but is actually NULL, it can cause a crash or exit, affecting service availability.(CVE-2025-61143)\n\nA critical vulnerability was found in libtiff up to version 4.7.1 (Image Processing Software). The issue is classified as CWE-121 Stack-based Buffer Overflow. A stack-based buffer overflow condition occurs when the buffer being overwritten is allocated on the stack (i.e., is a local variable or function parameter). This vulnerability impacts confidentiality, integrity, and availability.(CVE-2025-61144)\n\nlibtiff is a library for reading and writing TIFF (Tagged Image File Format) files. A double free vulnerability (CWE-415) exists in the `tools/tiffcrop.c` component of libtiff versions up to and including 4.7.1. The vulnerability stems from the program calling the `free()` function twice on the same memory address. An attacker could potentially exploit this to modify unexpected memory locations, impacting the confidentiality, integrity, and availability of the system, potentially leading to application crashes or arbitrary code execution.(CVE-2025-61145)", "category":"general", "title":"Description" }, { "text":"An update for libtiff is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"libtiff", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1441", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1441" }, { "summary":"CVE-2025-61143", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61143&packageName=libtiff" }, { "summary":"CVE-2025-61144", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61144&packageName=libtiff" }, { "summary":"CVE-2025-61145", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61145&packageName=libtiff" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61143" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61144" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61145" }, { "summary":"openEuler-SA-2026-1441 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1441.json" } ], "title":"An update for libtiff is now available for openEuler-20.03-LTS-SP4", "tracking":{ "initial_release_date":"2026-03-02T14:19:26+08:00", "revision_history":[ { "date":"2026-03-02T14:19:26+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-02T14:19:26+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-02T14:19:26+08:00", "id":"openEuler-SA-2026-1441", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-4.3.0-34.oe2003sp4.aarch64.rpm", "name":"libtiff-4.3.0-34.oe2003sp4.aarch64.rpm" }, "name":"libtiff-4.3.0-34.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64.rpm", "name":"libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64.rpm" }, "name":"libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64.rpm", "name":"libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64.rpm" }, "name":"libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-devel-4.3.0-34.oe2003sp4.aarch64.rpm", "name":"libtiff-devel-4.3.0-34.oe2003sp4.aarch64.rpm" }, "name":"libtiff-devel-4.3.0-34.oe2003sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-4.3.0-34.oe2003sp4.src.rpm", "name":"libtiff-4.3.0-34.oe2003sp4.src.rpm" }, "name":"libtiff-4.3.0-34.oe2003sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-4.3.0-34.oe2003sp4.x86_64.rpm", "name":"libtiff-4.3.0-34.oe2003sp4.x86_64.rpm" }, "name":"libtiff-4.3.0-34.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64.rpm", "name":"libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64.rpm" }, "name":"libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64.rpm", "name":"libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64.rpm" }, "name":"libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-devel-4.3.0-34.oe2003sp4.x86_64.rpm", "name":"libtiff-devel-4.3.0-34.oe2003sp4.x86_64.rpm" }, "name":"libtiff-devel-4.3.0-34.oe2003sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"libtiff-help-4.3.0-34.oe2003sp4.noarch.rpm", "name":"libtiff-help-4.3.0-34.oe2003sp4.noarch.rpm" }, "name":"libtiff-help-4.3.0-34.oe2003sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-4.3.0-34.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "name":"libtiff-4.3.0-34.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "name":"libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "name":"libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-devel-4.3.0-34.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "name":"libtiff-devel-4.3.0-34.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-4.3.0-34.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "name":"libtiff-4.3.0-34.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-4.3.0-34.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "name":"libtiff-4.3.0-34.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "name":"libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "name":"libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-devel-4.3.0-34.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "name":"libtiff-devel-4.3.0-34.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"libtiff-help-4.3.0-34.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch", "name":"libtiff-help-4.3.0-34.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-61143", "notes":[ { "text":"A NULL pointer dereference vulnerability (CWE-476) exists in the component libtiff/tif_open.c of libtiff up to version 4.7.1. When the application dereferences a pointer that it expects to be valid but is actually NULL, it can cause a crash or exit, affecting service availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ], "details":"libtiff security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1441" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-61143" }, { "cve":"CVE-2025-61144", "notes":[ { "text":"A critical vulnerability was found in libtiff up to version 4.7.1 (Image Processing Software). The issue is classified as CWE-121 Stack-based Buffer Overflow. A stack-based buffer overflow condition occurs when the buffer being overwritten is allocated on the stack (i.e., is a local variable or function parameter). This vulnerability impacts confidentiality, integrity, and availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ], "details":"libtiff security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1441" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-61144" }, { "cve":"CVE-2025-61145", "notes":[ { "text":"libtiff is a library for reading and writing TIFF (Tagged Image File Format) files. A double free vulnerability (CWE-415) exists in the `tools/tiffcrop.c` component of libtiff versions up to and including 4.7.1. The vulnerability stems from the program calling the `free()` function twice on the same memory address. An attacker could potentially exploit this to modify unexpected memory locations, impacting the confidentiality, integrity, and availability of the system, potentially leading to application crashes or arbitrary code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ], "details":"libtiff security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1441" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.0, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.src", "openEuler-20.03-LTS-SP4:libtiff-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debuginfo-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-debugsource-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-devel-4.3.0-34.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:libtiff-help-4.3.0-34.oe2003sp4.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-61145" } ] }