CVE-2025-8961

EUVD-2025-24805
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
4.7.0
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libtiff-devel
suse enterprise desktop 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise desktop 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP7
4.7.0-150600.3.18.1
fixed
libtiff5
suse enterprise desktop 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise desktop 15 SP7
4.0.9-150000.45.55.1
fixed
suse enterprise sap 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.55.1
fixed
suse enterprise server 12 SP3
4.0.9-44.94.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.55.1
fixed
libtiff5-32bit
suse enterprise desktop 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise desktop 15 SP7
4.0.9-150000.45.55.1
fixed
suse enterprise sap 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.55.1
fixed
suse enterprise server 12 SP3
4.0.9-44.94.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP6
4.0.9-150000.45.55.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.55.1
fixed
libtiff6
suse enterprise desktop 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise desktop 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP7
4.7.0-150600.3.18.1
fixed
libtiff6-32bit
suse enterprise desktop 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise desktop 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise sap 15 SP7
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP6
4.7.0-150600.3.18.1
fixed
suse enterprise server 15 SP7
4.7.0-150600.3.18.1
fixed
tiff
suse enterprise server 12 SP3
4.0.9-44.94.1
fixed
Common Weakness Enumeration
References
http://www.libtiff.org/
https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing
https://gitlab.com/libtiff/libtiff/-/issues/721
https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960
https://vuldb.com/?ctiid.319955
https://vuldb.com/?id.319955
https://vuldb.com/?submit.627957