Stack-Based Buffer Overflow in LibTIFF tiffcrop by LibTIFF
CVE-2025-8851

4.8MEDIUM

Key Information:

Vendor

LibTIFF

Status
Libtiff
Vendor
CVE Published:
11 August 2025

What is CVE-2025-8851?

A vulnerability exists in the LibTIFF library, specifically in the functionality of the tiffcrop tool's readSeparateStripsetoBuffer method. This flaw could result in a stack-based buffer overflow, necessitating local access to exploit. Users of LibTIFF version 4.5.1 and earlier are urged to apply the patch, identified by commit 8a7a48d7a645992ca83062b3a1873c951661e2b3, in order to mitigate this risk.

Affected Version(s)

LibTIFF 4.5.0

LibTIFF 4.5.1

References

https://vuldb.com/?id.319382
vdb-entrytechnical-description
https://vuldb.com/?ctiid.319382
signaturepermissions-required
https://vuldb.com/?submit.624604
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

arthurx (VulDB User)
.
CVE-2025-8851 : Stack-Based Buffer Overflow in LibTIFF tiffcrop by LibTIFF