CVE-2025-8961
Severity: low
CVSS v3: 3.3
CVSS v2: 1.7
VIR risk: 3.3
Description
A weakness has been identified in LibTIFF 4.7.0. It affects the function main in the file tiffcrop.c of the component tiffcrop. Manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be used.
Predictions
Exploit likelihood: 34%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-8961
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-8961.html
Vendor advisory: cna@vuldb.com — https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960
Vendor advisory: cna@vuldb.com — https://gitlab.com/libtiff/libtiff/-/issues/721
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | fixed | 4.7.0-5 |
| debian | sid | fixed | 4.7.0-5 |
| debian | trixie | fixed | 4.7.0-3+deb13u1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| libtiff | libtiff | 4.7.0 | |
References
- http://www.libtiff.org/
- https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing
- https://gitlab.com/libtiff/libtiff/-/issues/721
- https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960
- https://vuldb.com/?ctiid.319955
- https://vuldb.com/?id.319955
- https://vuldb.com/?submit.627957
- https://www.suse.com/security/cve/CVE-2025-8961.html
- https://security-tracker.debian.org/tracker/CVE-2025-8961
CWEs
CWE-119