CVE-2025-61145: Double Free in Libtiff

Severity
5.0 MEDIUM (NVD)
EPSS
0.0%
top 98.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 23

Description

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.3 | Impact: 3.6

Affected Packages (1 package)

NVD: libtiff/libtiff < 4.7.1

🔴 Vulnerability Details (3)

OSV
CVE-2025-61145: libtiff up to v4 (2026-02-23)
CVEList
CVE-2025-61145: libtiff up to v4 (2026-02-23)
GHSA
GHSA-5jj2-qhxw-rpq6: libtiff up to v4 (2026-02-23)

📋 Vendor Advisories (3)

Red Hat
libtiff: libtiff: Denial of service via double free in tiffcrop.c (2026-02-23)
Microsoft
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. (2026-02-10)
Debian
CVE-2025-61145: tiff - libtiff up to v4.7.1 was discovered to contain a double free via the component t... (2025)

🕵️ Threat Intelligence (1)

Wiz
CVE-2025-61145 Impact, Exploitability, and Mitigation Steps | Wiz