PT-2025-30956 · Libtiff+6

Arthurx · Published 2025-01-01 · Updated 2026-04-06 · CVE-2025-8177

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LibTIFF versions up to 4.7.0

Description

A critical issue was identified in LibTIFF, in the setrow function of the tools/thumbnail.c file. The flaw results in a buffer overflow that can potentially be exploited locally. The vulnerability affects products that are no longer supported by the maintainer.

Recommendations

Apply the patch e8c9d6c616b19438695fd829e58ae4fde5bfbc22 to resolve the issue in LibTIFF versions up to 4.7.0.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10179
ALT-PU-2025-10183
ALT-PU-2025-11213
ALT-PU-2025-11954
AZL-65970
AZL-65978
BDU:2025-13920
CVE-2025-8177
ECHO-9FCC-05AD-7B54
MGASA-2025-0252
OESA-2025-1920
OESA-2025-1921
OESA-2025-1922
OPENSUSE-SU-2025:15417-1
OPENSUSE-SU-2025:20049-1
SUSE-SU-2025:02770-1
SUSE-SU-2025:02771-1
SUSE-SU-2025:02815-1
SUSE-SU-2025:20971-1
SUSE-SU-2025:21009-1
SUSE-SU-2025:21032-1
SUSE-SU-2025:21037-1
SUSE-SU-2025_02770-1
SUSE-SU-2025_02771-1
SUSE-SU-2025_02815-1
USN-7707-1

Affected Products

Alt Linux
Debian
Libtiff
Linuxmint
Red Os
Suse
Ubuntu