CVE-2025-8176

EUVD-2025-22777
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.3 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
EPSS Score
Percentile: 20%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| libtiff | libtiff | 𝑥 ≤ 4.7.0 |

𝑥 = Vulnerable software versions
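Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| tiff | bookworm | | unimportant |
| tiff | bookworm (security) | | unimportant |
| tiff | bullseye | | unimportant |
| tiff | bullseye (security) | | unimportant |
| tiff | forky | 4.7.1-2 | fixed |
| tiff | sid | 4.7.1-2 | fixed |
| tiff | trixie | | unimportant |
| tiff | trixie (security) | | unimportant |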
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| tiff | bionic | Fixed 4.0.9-5ubuntu0.10+esm8 | released |
| tiff | focal | Fixed 4.1.0+git191117-2ubuntu0.20.04.14+esm1 | released |
| tiff | jammy | Fixed 4.3.0-6ubuntu0.11 | released |
| tiff | noble | Fixed 4.5.1+git230720-4ubuntu2.3 | released |
| tiff | plucky | Fixed 4.5.1+git230720-4ubuntu4.1 | released |
| tiff | trusty | Fixed 4.0.3-7ubuntu0.11+esm15 | released |
| tiff | xenial | Fixed 4.0.6-1ubuntu0.8+esm18 | released |
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| libtiff-devel | suse enterprise desktop 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff-devel | suse enterprise desktop 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| libtiff-devel | suse enterprise sap 15 SP3 | 4.0.9-150000.45.50.1 | fixed |
| libtiff-devel | suse enterprise sap 15 SP4 | 4.0.9-150000.45.50.1 | fixed |
| libtiff-devel | suse enterprise sap 15 SP5 | 4.0.9-150000.45.50.1 | fixed |
| libtiff-devel | suse enterprise sap 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff-devel | suse enterprise sap 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| libtiff-devel | suse enterprise server 12 SP5 | 4.0.9-44.89.1 | fixed |
| libtiff-devel | suse enterprise server 15 SP2 | 4.0.9-150000.45.50.1 | fixed |
| libtiff-devel | suse enterprise server 15 SP3 | 4.0.9-150000.45.50.1 | fixed |
| libtiff-devel | suse enterprise server 15 SP4 | 4.0.9-150000.45.50.1 | fixed |
| libtiff-devel | suse enterprise server 15 SP5 | 4.0.9-150000.45.50.1 | fixed |
| libtiff-devel | suse enterprise server 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff-devel | suse enterprise server 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| libtiff5 | suse enterprise desktop 15 SP6 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise desktop 15 SP7 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise sap 15 SP3 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise sap 15 SP4 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise sap 15 SP5 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise sap 15 SP6 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise sap 15 SP7 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise server 12 SP3 | 4.0.9-44.89.1 | fixed |
| libtiff5 | suse enterprise server 12 SP5 | 4.0.9-44.89.1 | fixed |
| libtiff5 | suse enterprise server 15 SP2 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise server 15 SP3 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise server 15 SP4 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise server 15 SP5 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise server 15 SP6 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5 | suse enterprise server 15 SP7 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise desktop 15 SP6 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise desktop 15 SP7 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise sap 15 SP3 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise sap 15 SP4 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise sap 15 SP5 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise sap 15 SP6 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise sap 15 SP7 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise server 12 SP3 | 4.0.9-44.89.1 | fixed |
| libtiff5-32bit | suse enterprise server 12 SP5 | 4.0.9-44.89.1 | fixed |
| libtiff5-32bit | suse enterprise server 15 SP2 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise server 15 SP3 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise server 15 SP4 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise server 15 SP5 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise server 15 SP6 | 4.0.9-150000.45.50.1 | fixed |
| libtiff5-32bit | suse enterprise server 15 SP7 | 4.0.9-150000.45.50.1 | fixed |
| libtiff6 | suse enterprise desktop 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6 | suse enterprise desktop 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6 | suse enterprise sap 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6 | suse enterprise sap 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6 | suse enterprise server 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6 | suse enterprise server 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6-32bit | suse enterprise desktop 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6-32bit | suse enterprise desktop 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6-32bit | suse enterprise sap 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6-32bit | suse enterprise sap 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6-32bit | suse enterprise server 15 SP6 | 4.7.0-150600.3.13.1 | fixed |
| libtiff6-32bit | suse enterprise server 15 SP7 | 4.7.0-150600.3.13.1 | fixed |
| tiff | suse enterprise server 12 SP3 | 4.0.9-44.89.1 | fixed |
| tiff | suse enterprise server 12 SP5 | 4.0.9-44.89.1 | fixed |
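Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| libtiff | RHEL 8 | 0:4.0.9-36.el8_10 | fixed |
| libtiff | RHEL 9 | 0:4.4.0-15.el9_7.2 | fixed |
| libtiff-devel | RHEL 8 | 0:4.0.9-36.el8_10 | fixed |
| libtiff-devel | RHEL 9 | 0:4.4.0-15.el9_7.2 | fixed |
| libtiff-tools | RHEL 8 | 0:4.0.9-36.el8_10 | fixed |
| libtiff-tools | RHEL 9 | 0:4.4.0-15.el9_7.2 | fixed |
| mingw32-libtiff | RHEL 8 | 0:4.0.9-3.el8_10 | fixed |
| mingw32-libtiff-static | RHEL 8 | 0:4.0.9-3.el8_10 | fixed |
| mingw64-libtiff | RHEL 8 | 0:4.0.9-3.el8_10 | fixed |
| mingw64-libtiff-static | RHEL 8 | 0:4.0.9-3.el8_10 | fixed |
| spice-client-win-x64 | RHEL 8.2 AUS | 0:8.10-3.el8_2.1 | fixed |
| spice-client-win-x64 | RHEL 8.4 AUS | 0:8.10-3.el8_4.1 | fixed |
| spice-client-win-x64 | RHEL 8.6 AUS | 0:8.10-3.el8_6.1 | fixed |
| spice-client-win-x64 | RHEL 8.6 E4S | 0:8.10-3.el8_6.1 | fixed |
| spice-client-win-x64 | RHEL 8.6 TUS | 0:8.10-3.el8_6.1 | fixed |
| spice-client-win-x64 | RHEL 8.8 E4S | 0:8.10-3.el8_8.1 | fixed |
| spice-client-win-x64 | RHEL 8.8 TUS | 0:8.10-3.el8_8.1 | fixed |
| spice-client-win-x86 | RHEL 8.2 AUS | 0:8.10-3.el8_2.1 | fixed |
| spice-client-win-x86 | RHEL 8.4 AUS | 0:8.10-3.el8_4.1 | fixed |
| spice-client-win-x86 | RHEL 8.6 AUS | 0:8.10-3.el8_6.1 | fixed |
| spice-client-win-x86 | RHEL 8.6 E4S | 0:8.10-3.el8_6.1 | fixed |
| spice-client-win-x86 | RHEL 8.6 TUS | 0:8.10-3.el8_6.1 | fixed |
| spice-client-win-x86 | RHEL 8.8 E4S | 0:8.10-3.el8_8.1 | fixed |
| spice-client-win-x86 | RHEL 8.8 TUS | 0:8.10-3.el8_8.1 | fixed |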