CVE-2025-8177

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
libtifflibtiff
𝑥
≤ 4.7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
bookworm (security)
unimportant
trixie
unimportant
trixie (security)
unimportant
forky
4.7.1-1
fixed
sid
4.7.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tiff
plucky
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
Fixed 4.0.6-1ubuntu0.8+esm18
released
trusty
Fixed 4.0.3-7ubuntu0.11+esm15
released
Common Weakness Enumeration
References
http://www.libtiff.org/
https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22
https://gitlab.com/libtiff/libtiff/-/issues/715
https://gitlab.com/libtiff/libtiff/-/merge_requests/737
https://vuldb.com/?ctiid.317591
https://vuldb.com/?id.317591
https://vuldb.com/?submit.621797
https://gitlab.com/libtiff/libtiff/-/issues/715
https://vuldb.com/?submit.621797