Buffer Overflow Vulnerability in LibTIFF Affected by Local Exploits
CVE-2025-8177

4.8 MEDIUM

Key Information:

Vendor

LibTIFF

Status
Vendor
CVE Published: 26 July 2025

What is CVE-2025-8177?

A buffer overflow vulnerability was identified in the LibTIFF library, affecting versions up to 4.7.0. The issue lies in the setrow function in the file tools/thumbnail.c, and it can be exploited locally. An attacker may use this vulnerability to manipulate memory allocation, potentially leading to unauthorized access or system crashes. Users are urged to apply the patch identified as e8c9d6c616b19438695fd829e58ae4fde5bfbc22 to mitigate this risk. Note that this vulnerability impacts products that are no longer supported by the maintainer, underscoring the need for users to prioritize updating their software.

Affected Version(s)

LibTIFF 4.0

LibTIFF 4.1

LibTIFF 4.2

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

arthurx (VulDB User)