CVE-2025-61144

EUVD-2025-207645
libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
𝑥
< 4.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
4.7.2-1
fixed
sid
4.7.2-1
fixed
trixie
unimportant
trixie (security)
unimportant
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libtiff-devel
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
libtiff5
suse enterprise desktop 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.63.1
fixed
libtiff5-32bit
suse enterprise desktop 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.63.1
fixed
tiff
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
compat-libtiff3
Amazon Linux 2
0:3.9.4-12.amzn2.0.8
fixed
compat-libtiff3-debuginfo
Amazon Linux 2
0:3.9.4-12.amzn2.0.8
fixed
libtiff
Amazon Linux 2
0:4.0.3-35.amzn2.0.29
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.25
fixed
libtiff-debuginfo
Amazon Linux 2
0:4.0.3-35.amzn2.0.29
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.25
fixed
libtiff-debugsource
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.25
fixed
libtiff-devel
Amazon Linux 2
0:4.0.3-35.amzn2.0.29
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.25
fixed
libtiff-static
Amazon Linux 2
0:4.0.3-35.amzn2.0.29
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.25
fixed
libtiff-tools
Amazon Linux 2
0:4.0.3-35.amzn2.0.29
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.25
fixed
libtiff-tools-debuginfo
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.25
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libtiff
Azure Linux 3.0
0:4.6.0-12.azl3
fixed
CBL-Mariner 2.0
0:4.6.0-12.cm2
fixed