CVE-2025-8534

A vulnerability classified as problematic was found in libtiff 4.6.0. It affects the function PS_Lvl2page in the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to a null pointer dereference. The attack has to be launched on the local host. The complexity of an attack is rather high, and exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply the patch to fix this issue. One of the maintainers explains that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

Base Score (CVSS 3.x)

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 2.5 LOW | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
| VulDB | CNA | 2.5 LOW | | | | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
| CISA-ADP | ADP | --- | | | | --- |

EPSS Score

Percentile: 5%

Vulnerable software versions

| Vendor | Product | Version |
|---|---|---|
| libtiff | libtiff | 4.6.0 |
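
Ubuntu Releases

| Ubuntu Product | Codename | Status | Fixed version |
|---|---|---|---|
| tiff | plucky | released | 4.5.1+git230720-4ubuntu4.1 |
| tiff | noble | released | 4.5.1+git230720-4ubuntu2.3 |
| tiff | jammy | released | 4.3.0-6ubuntu0.11 |
| tiff | focal | released | 4.1.0+git191117-2ubuntu0.20.04.14+esm1 |
| tiff | bionic | released | 4.0.9-5ubuntu0.10+esm8 |
| tiff | xenial | released | 4.0.6-1ubuntu0.8+esm18 |
| tiff | trusty | released | 4.0.3-7ubuntu0.11+esm15 |
| qtwebengine-opensource-src | plucky | needs-triage | |
| qtwebengine-opensource-src | noble | needs-triage | |
| qtwebengine-opensource-src | jammy | needs-triage | |
| qtwebengine-opensource-src | focal | needs-triage | |
| qtwebengine-opensource-src | bionic | needs-triage | |
| texmaker | plucky | needs-triage | |
| texmaker | noble | needs-triage | |
| texmaker | jammy | needs-triage | |
| texmaker | focal | needs-triage | |
| texmaker | bionic | needs-triage | |
| texmaker | xenial | needs-triage | |
| gdal | plucky | not-affected | |
| gdal | noble | not-affected | |
| gdal | jammy | not-affected | |
| gdal | focal | not-affected | |
| gdal | bionic | not-affected | |
| gdal | xenial | needs-triage | |
| gdal | trusty | needs-triage | |
| neuron | plucky | not-affected | |
| neuron | noble | not-affected | |
| neuron | jammy | needs-triage | |
| neuron | focal | needs-triage | |
| neuron | bionic | needs-triage | |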