Msrc Cbl2 Libtiff 4.6.0-11 On Cbl Mariner 2.0 vulnerabilities

4 known vulnerabilities affecting msrc/cbl2_libtiff_4.6.0-11_on_cbl_mariner_2.0.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2025-61144 | CRITICAL | CVSS 9.8 | 2026-02-10
CVE-2025-61144 [HIGH] CWE-119: libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-61143 | MEDIUM | CVSS 5.5 | 2026-02-10
CVE-2025-61143 [MEDIUM] CWE-476: libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-61145 | MEDIUM | CVSS 5.5 | 2026-02-10
CVE-2025-61145 [MEDIUM] CWE-415: libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
Customer Action Required: Yes
msrc
CVE-2025-8961 | LOW | CVSS 3.3 | 2025-08-12
CVE-2025-8961 [MEDIUM] CWE-119: LibTIFF tiffcrop tiffcrop.c main memory corruption
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro
msrc