CVE-2025-8961

EUVD-2025-24805
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
4.7.0
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libtiff-devel
suse enterprise desktop 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise desktop 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP7
4.7.0-150600.3.18.1
fixed
libtiff5
suse enterprise desktop 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise desktop 15 SP7
4.0.9-150000.45.55.1
fixed
suse enterprise sap 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.55.1
fixed
suse enterprise server 12 SP3
4.0.9-44.94.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.55.1
fixed
libtiff5-32bit
suse enterprise desktop 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise desktop 15 SP7
4.0.9-150000.45.55.1
fixed
suse enterprise sap 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.55.1
fixed
suse enterprise server 12 SP3
4.0.9-44.94.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.55.1
fixed
libtiff6
suse enterprise desktop 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise desktop 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP7
4.7.0-150600.3.18.1
fixed
libtiff6-32bit
suse enterprise desktop 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise desktop 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP7
4.7.0-150600.3.18.1
fixed
tiff
suse enterprise server 12 SP3
4.0.9-44.94.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
compat-libtiff3
Amazon Linux 2
0:3.9.4-12.amzn2.0.7
fixed
compat-libtiff3-debuginfo
Amazon Linux 2
0:3.9.4-12.amzn2.0.7
fixed
libtiff
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-debuginfo
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-debugsource
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-devel
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-static
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-tools
Amazon Linux 2
0:4.0.3-35.amzn2.0.26
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
libtiff-tools-debuginfo
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.23
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libtiff
Azure Linux 3.0
0:4.6.0-11.azl3
fixed
CBL-Mariner 2.0
0:4.6.0-11.cm2
fixed