CVE-2025-61145

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
4.7.1-1
fixed
sid
4.7.1-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
References
https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289
https://gitlab.com/libtiff/libtiff/-/issues/736
https://gitlab.com/libtiff/libtiff/-/merge_requests/753