CVE-2025-61145

EUVD-2025-207644
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
𝑥
< 4.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
4.7.2-1
fixed
sid
4.7.2-1
fixed
trixie
unimportant
trixie (security)
unimportant
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
compat-libtiff3
Amazon Linux 2
0:3.9.4-12.amzn2.0.7
fixed
compat-libtiff3-debuginfo
Amazon Linux 2
0:3.9.4-12.amzn2.0.7
fixed
libtiff
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-debuginfo
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-debugsource
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-devel
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-static
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-tools
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-tools-debuginfo
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libtiff
Azure Linux 3.0
0:4.6.0-11.azl3
fixed
CBL-Mariner 2.0
0:4.6.0-11.cm2
fixed