CVE-2025-61143

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
4.7.1-1
fixed
sid
4.7.1-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
References
https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa
https://gitlab.com/libtiff/libtiff/-/issues/737
https://gitlab.com/libtiff/libtiff/-/merge_requests/755