CVE-2025-8961
Published: August 15, 2025Last modified: September 26, 2025
Description
A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 3.3 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | tiff | Fixed (4.4.0-r5) |
| 25 LTS | tiff | Fixed (4.7.1-r0) | |
| Stream | tiff | Fixed (4.7.1-r0) |
References
- http://www.libtiff.org/
- https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing
- https://gitlab.com/libtiff/libtiff/-/issues/721
- https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960
- https://vuldb.com/?ctiid.319955
- https://vuldb.com/?id.319955
- https://vuldb.com/?submit.627957