CVE-2025-8534

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

CVSS v3 2.5 LOW
CVSS v2.0 1.0 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.0^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:S/C:N/I:N/A:P

Exploitability : 1.5 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.libtiff.org/
https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link
https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b
https://gitlab.com/libtiff/libtiff/-/issues/718
https://gitlab.com/libtiff/libtiff/-/merge_requests/746
https://vuldb.com/?ctiid.318664
https://vuldb.com/?id.318664
https://vuldb.com/?submit.617831
https://gitlab.com/libtiff/libtiff/-/issues/718
https://vuldb.com/?submit.617831

Configurations

No configuration.

History

05 Aug 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://gitlab.com/libtiff/libtiff/-/issues/718 -~~	() https://gitlab.com/libtiff/libtiff/-/issues/718 -
References	~~() https://vuldb.com/?submit.617831 -~~	() https://vuldb.com/?submit.617831 -

05 Aug 2025, 14:34

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad clasificada como problemática en libtiff 4.6.0. Esta vulnerabilidad afecta a la función PS_Lvl2page del archivo tools/tiff2ps.c del componente tiff2ps. La manipulación provoca la desreferencia de puntero nulo. Es posible lanzar el ataque contra el host local. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. El parche se llama 6ba36f159fd396ad11bf6b7874554197736ecc8b. Se recomienda aplicar un parche para solucionar este problema. Uno de los fabricantes explica que «este error solo ocurre si se utiliza la opción DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) o TIFFOpen( .. "rD")».

05 Aug 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 00:15

Updated : 2025-08-05 16:15

NVD link : CVE-2025-8534

Mitre link : CVE-2025-8534

CVE.ORG link : CVE-2025-8534

JSON object : View

Products Affected

No product.

CWE

CWE-404

Improper Resource Shutdown or Release

CWE-476

NULL Pointer Dereference

2.5 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.0 /10

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-8534

2.5^/10

1.0^/10

Attach tags to `CVE-2025-8534`