CVE-2025-61144 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-805 — Buffer Access with Incorrect Length Value9 documents8 sources

Severity

7.3HIGHNVD

OSV5.5

EPSS

0.0%

top 91.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff Debian Tiff Msrc Azl3 Libtiff 4.6.0-11 ON Azure Linux 3.0 +1 more

Timeline

PublishedFeb 23

Latest updateMar 23

Description

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages4 packages

▶NVDlibtiff/libtiff< 4.7.1

▶msrcmsrc/azl3_libtiff_4.6.0-11_on_azure_linux_3.0

▶msrcmsrc/cbl2_libtiff_4.6.0-11_on_cbl_mariner_2.0

▶debiandebian/tiff< tiff 4.7.1-1 (forky)

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

tiff vulnerabilities↗2026-03-23

▶

OSV

CVE-2025-61144: libtiff up to v4↗2026-02-23

▶

GHSA

GHSA-m6xw-mq4p-x7xv: libtiff up to v4↗2026-02-23

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2026-03-23

▶

Red Hat

libtiff: libtiff: Denial of Service via buffer overflow↗2026-02-23

▶

Microsoft

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.↗2026-02-10

▶

Debian

CVE-2025-61144: tiff - libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSepa...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-61144 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶