PT-2025-31878 · Libtiff+6

Rootsec · Published 2025-07-17 · Updated 2025-11-19 · CVE-2025-8534

CVSS v3.1: 2.5 (Low)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

libtiff version 4.6.0

Description

A problematic issue exists in libtiff due to a null pointer dereference in the PS_Lvl2page function within the tiff2ps component (file tools/tiff2ps.c). The issue occurs when the DEFER_STRILE_LOAD option is enabled or the TIFFOpen function is used with the "rD" option. Exploitation is considered difficult, but the exploit has been publicly disclosed.

Recommendations

Apply the patch 6ba36f159fd396ad11bf6b7874554197736ecc8b to resolve this issue.

Weakness Enumeration

Improper Resource Release
NULL Pointer Dereference

Related Identifiers

ALT-PU-2025-10179
ALT-PU-2025-10183
ALT-PU-2025-11213
ALT-PU-2025-11954
AZL-66078
AZL-66095
BDU:2025-09847
CVE-2025-8534
ECHO-EAC8-8550-89F3
MGASA-2025-0252
OESA-2025-2048
OESA-2025-2049
OESA-2025-2050
OESA-2025-2051
OESA-2025-2052
OESA-2025-2091
OPENSUSE-SU-2025:15486-1
OPENSUSE-SU-2025:20049-1
SUSE-SU-2025:03345-1
SUSE-SU-2025:03346-1
SUSE-SU-2025:03348-1
SUSE-SU-2025:20971-1
SUSE-SU-2025:21009-1
SUSE-SU-2025:21032-1
SUSE-SU-2025:21037-1
SUSE-SU-2025_03345-1
SUSE-SU-2025_03346-1
SUSE-SU-2025_03348-1
USN-7707-1

Affected Products

Alt Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Libtiff