CVE-2025-8961

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-8961
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.libtiff.org/ Product
https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing Exploit
https://gitlab.com/libtiff/libtiff/-/issues/721 Exploit Issue Tracking Vendor Advisory
https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 Issue Tracking Exploit Vendor Advisory
https://vuldb.com/?ctiid.319955 Permissions Required VDB Entry
https://vuldb.com/?id.319955 Third Party Advisory VDB Entry
https://vuldb.com/?submit.627957 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:libtiff:libtiff:4.7.0:*:*:*:*:*:*:*
History

11 Sep 2025, 17:00

Type Values Removed Values Added
CPE cpe:2.3:a:libtiff:libtiff:4.7.0:*:*:*:*:*:*:*
First Time Libtiff libtiff
Libtiff
References () http://www.libtiff.org/ - () http://www.libtiff.org/ - Product
References () https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing - () https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing - Exploit
References () https://gitlab.com/libtiff/libtiff/-/issues/721 - () https://gitlab.com/libtiff/libtiff/-/issues/721 - Exploit, Issue Tracking, Vendor Advisory
References () https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 - () https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 - Issue Tracking, Exploit, Vendor Advisory
References () https://vuldb.com/?ctiid.319955 - () https://vuldb.com/?ctiid.319955 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.319955 - () https://vuldb.com/?id.319955 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.627957 - () https://vuldb.com/?submit.627957 - Third Party Advisory, VDB Entry

23 Aug 2025, 16:15

Type Values Removed Values Added
Summary
  • (es) Se identificó una vulnerabilidad en LibTIFF 4.7.0. Este problema afecta la función May del archivo tiffcrop.c del componente tiffcrop. La manipulación provoca corrupción de memoria. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado.
Summary (en) A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. (en) A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

14 Aug 2025, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-14 13:15

Updated : 2025-09-11 17:00

NVD link : CVE-2025-8961

Mitre link : CVE-2025-8961

CVE.ORG link : CVE-2025-8961

JSON object : View

Products Affected

libtiff

  • libtiff
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer