CVE-2025-8176
published 2025-07-26CVE-2025-8176: A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file…
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.24%
14.7th percentile
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.7.1-1 (forky) | tiff 4.7.1-1 (forky) |
| libtiff | libtiff | <= 4.7.0 | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| msrc | azl3_cmake_3.30.3-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_expat_2.6.4-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_libtiff_4.6.0-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_python3_3.12.9-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cmake_3.21.4-18_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_expat_2.6.4-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libtiff_4.6.0-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libtiff_4.6.0-8_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_python3_3.9.19-13_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.01.9LOWCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.04.3MEDIUMAV:L/AC:L/Au:S/C:P/I:P/A:P
osv4.8MEDIUM
vendor_msrc7.5HIGH
vendor_ubuntu5.3MEDIUM
vendor_oracle4.9HIGH
vendor_debian4.8LOW
vendor_redhat4.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2025-08-20·CVSS 5.3
CVE-2025-8176 [MEDIUM] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: Several security issues were fixed in LibTIFF.
It was discovered that LibTIFF incorrectly handled certain memory
operations when using tiffmedian tool. An attacker could trick a user into
processing a specially crafted tiff image file and potentially use this
issue to cause a denial of service. (CVE-2025-8176)
It was discovered that LibTIFF did not properly perform bounds checking
in certain operations when using thumbnail tool. An attacker could trick
a user into processing a specially crafted tiff image file and
potentially use this issue to cause a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2025-8177)
It was discovered that LibTIFF incorrectly handled certain memory
operations when using tiff2ps too
Red Hat
libtiff: LibTIFF Use-After-Free Vulnerability
vendor_redhat·2025-07-26·CVSS 4.8
CVE-2025-8176 [MEDIUM] CWE-825 libtiff: LibTIFF Use-After-Free Vulnerability
libtiff: LibTIFF Use-After-Free Vulnerability
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (LibExpat) — CVE-2024-8176
vendor_oracle·2025-07-15·CVSS 4.9
CVE-2024-8176 [HIGH] Oracle Oracle Communications Applications Risk Matrix: Core (LibExpat) — CVE-2024-8176
Oracle Oracle Communications Applications Risk Matrix: Core (LibExpat) vulnerability
CVE: CVE-2024-8176
CVSS: 4.9
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpujul2025 (JUL 2025)
Microsoft
LibTIFF tiffmedian.c get_histogram use after free
vendor_msrc·2025-07-08·CVSS 5.3
CVE-2025-8176 [MEDIUM] CWE-416 LibTIFF tiffmedian.c get_histogram use after free
LibTIFF tiffmedian.c get_histogram use after free
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
VulDB: VulDB
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.micro
BSD
OpenBSD 7.5 Errata 019: SECURITY FIX
bsd_advisories·2025-03-18·CVSS 7.5
CVE-2024-8176 [HIGH] OpenBSD 7.5 Errata 019: SECURITY FIX
OpenBSD 7.5 Errata 019: SECURITY FIX
019: SECURITY FIX: March 18, 2025
All architectures In libexpat fix crash caused by stack overflow during recursion. CVE-2024-8176
Microsoft
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
vendor_msrc·2025-03-11·CVSS 7.5
CVE-2024-8176 [HIGH] CWE-674 Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Debian
CVE-2025-8176: tiff - A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critic...
vendor_debian·2025·CVSS 4.8
CVE-2025-8176 [MEDIUM] CVE-2025-8176: tiff - A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critic...
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 4.7.1-1)
sid: resolved (fixed in 4.7.1-1)
trixie: open
OSV
tiff vulnerabilities
osv·2025-08-20·CVSS 4.8
CVE-2025-8176 [MEDIUM] tiff vulnerabilities
tiff vulnerabilities
It was discovered that LibTIFF incorrectly handled certain memory
operations when using tiffmedian tool. An attacker could trick a user into
processing a specially crafted tiff image file and potentially use this
issue to cause a denial of service. (CVE-2025-8176)
It was discovered that LibTIFF did not properly perform bounds checking
in certain operations when using thumbnail tool. An attacker could trick
a user into processing a specially crafted tiff image file and
potentially use this issue to cause a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2025-8177)
It was discovered that LibTIFF incorrectly handled certain memory
operations when using tiff2ps tool. An attacker could trick a user into
processing a specially craft
GHSA
GHSA-gvgc-3ch5-px8p: A vulnerability was found in LibTIFF up to 4
ghsa_unreviewed·2025-07-26
CVE-2025-8176 [MEDIUM] CWE-119 GHSA-gvgc-3ch5-px8p: A vulnerability was found in LibTIFF up to 4
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
OSV
CVE-2025-8176: A vulnerability was found in LibTIFF up to 4
osv·2025-07-26·CVSS 4.8
CVE-2025-8176 [MEDIUM] CVE-2025-8176: A vulnerability was found in LibTIFF up to 4
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-8176 mingw-libtiff: LibTIFF Use-After-Free Vulnerability [fedora-42]
bugzilla·2025-07-28·CVSS 1.9
CVE-2025-8176 [LOW] CVE-2025-8176 mingw-libtiff: LibTIFF Use-After-Free Vulnerability [fedora-42]
CVE-2025-8176 mingw-libtiff: LibTIFF Use-After-Free Vulnerability [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports fr
Bugzilla
CVE-2025-8176 libtiff: LibTIFF Use-After-Free Vulnerability
bugzilla·2025-07-26·CVSS 4.8
CVE-2025-8176 [MEDIUM] CVE-2025-8176 libtiff: LibTIFF Use-After-Free Vulnerability
CVE-2025-8176 libtiff: LibTIFF Use-After-Free Vulnerability
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:19113 https://access.redhat.com/errata/RHSA-2025:19113
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:19906 https://access.red
http://www.libtiff.org/https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172https://gitlab.com/libtiff/libtiff/-/issues/707https://gitlab.com/libtiff/libtiff/-/merge_requests/727https://vuldb.com/?ctiid.317590https://vuldb.com/?id.317590https://vuldb.com/?submit.621796
2025-07-26
Published