CVE-2025-61144

EUVD-2025-207645
libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
𝑥
< 4.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
4.7.1-2
fixed
sid
4.7.1-2
fixed
trixie
unimportant
trixie (security)
unimportant
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libtiff-devel
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
libtiff5
suse enterprise desktop 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.63.1
fixed
libtiff5-32bit
suse enterprise desktop 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.63.1
fixed
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.63.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.63.1
fixed
tiff
suse enterprise server 12 SP3
4.0.9-44.109.1
fixed
Common Weakness Enumeration
References
https://gist.github.com/optionGo/5ad17e96a0a40f03578dd6c9f8645952
https://gitlab.com/libtiff/libtiff/-/commit/09f53a86cf26dfd961925227e59e180db617f26d
https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa
https://gitlab.com/libtiff/libtiff/-/issues/740
https://gitlab.com/libtiff/libtiff/-/merge_requests/757