Amazon Linux 2 Security Advisory: ALAS2-2026-3194
Advisory Released Date: 2026-03-19
Advisory Updated Date: 2026-03-19
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. (CVE-2025-61145)
A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. (CVE-2025-8961)
Affected Packages:
compat-libtiff3
Note:
This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. See the FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update compat-libtiff3 or yum update --advisory ALAS2-2026-3194 to update your system.
aarch64:
compat-libtiff3-3.9.4-12.amzn2.0.7.aarch64
compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.7.aarch64
i686:
compat-libtiff3-3.9.4-12.amzn2.0.7.i686
compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.7.i686
src:
compat-libtiff3-3.9.4-12.amzn2.0.7.src
x86_64:
compat-libtiff3-3.9.4-12.amzn2.0.7.x86_64
compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.7.x86_64
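To confirm that a host actually received the update, the following added example (not part of the original advisory) compares the installed compat-libtiff3 build against the fixed build listed above. The function names are hypothetical, and it assumes GNU `sort -V` is an adequate stand-in for RPM's own version ordering for these release strings.

```shell
#!/bin/sh
# Added example: verify compat-libtiff3 is at or above the build in ALAS2-2026-3194.
# Fixed version-release, taken from the package list in this advisory.
FIXED_EVR="3.9.4-12.amzn2.0.7"

# evr_at_least INSTALLED FIXED -> returns 0 when INSTALLED >= FIXED.
# Assumption: GNU sort -V approximates RPM ordering for these strings.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify VERSION-RELEASE -> prints "fixed" or "vulnerable".
classify() {
    if evr_at_least "$1" "$FIXED_EVR"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# check_host: query the local RPM database; one line per installed architecture.
# Returns 0 if every installed build is fixed (or the package is absent),
# 1 if any build predates the fix, 2 if rpm is unavailable.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    if ! rpm -q compat-libtiff3 >/dev/null 2>&1; then
        echo "compat-libtiff3 not installed"
        return 0
    fi
    status=0
    while read -r arch evr; do
        result=$(classify "$evr")
        echo "compat-libtiff3.$arch $evr: $result"
        [ "$result" = fixed ] || status=1
    done <<EOF
$(rpm -q --qf '%{ARCH} %{VERSION}-%{RELEASE}\n' compat-libtiff3)
EOF
    return $status
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with `--check` on each AL2 host; a non-zero exit status means a build older than the fixed one is still installed.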