CVE-2025-61143

EUVD-2025-207646
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
𝑥
< 4.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
4.7.1-2
fixed
sid
4.7.1-2
fixed
trixie
unimportant
trixie (security)
unimportant
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libtiff-devel
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
libtiff5
suse enterprise desktop 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.63.1
fixed
libtiff5-32bit
suse enterprise desktop 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.63.1
fixed
tiff
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
Common Weakness Enumeration
References
https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa
https://gitlab.com/libtiff/libtiff/-/issues/737
https://gitlab.com/libtiff/libtiff/-/merge_requests/755