CVE-2025-61143 — NULL Pointer Dereference in Libtiff

CWE-476 — NULL Pointer Dereference10 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 97.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff

Timeline

PublishedFeb 23

Latest updateMar 23

Description

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlibtiff/libtiff< 4.7.1

🔴Vulnerability Details

OSV

tiff vulnerabilities↗2026-03-23

▶

OSV

CVE-2025-61143: libtiff up to v4↗2026-02-23

▶

CVEList

CVE-2025-61143: libtiff up to v4↗2026-02-23

▶

GHSA

GHSA-p884-v7p5-5858: libtiff up to v4↗2026-02-23

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2026-03-23

▶

Red Hat

libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c↗2026-02-23

▶

Microsoft

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.↗2026-02-10

▶

Debian

CVE-2025-61143: tiff - libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via th...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-61143 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶