cbcvebase.
CVE-2025-8176
published 2025-07-26

Priority: P3 · 43 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.24% (14.7th percentile)
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to a use after free. The attack requires local access. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply the patch to fix this issue.

Affected

19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.7.1-1 (forky) | tiff 4.7.1-1 (forky) |
| libtiff | libtiff | <= 4.7.0 | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| msrc | azl3_cmake_3.30.3-6_on_azure_linux_3.0 | | |
| msrc | azl3_expat_2.6.4-1_on_azure_linux_3.0 | | |
| msrc | azl3_libtiff_4.6.0-7_on_azure_linux_3.0 | | |
| msrc | azl3_python3_3.12.9-1_on_azure_linux_3.0 | | |
| msrc | cbl2_cmake_3.21.4-18_on_cbl_mariner_2.0 | | |
| msrc | cbl2_expat_2.6.4-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_libtiff_4.6.0-6_on_cbl_mariner_2.0 | | |
| msrc | cbl2_libtiff_4.6.0-8_on_cbl_mariner_2.0 | | |
| msrc | cbl2_python3_3.9.19-13_on_cbl_mariner_2.0 | | |

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 1.9 | LOW | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P |
| osv | | 4.8 | MEDIUM | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_ubuntu | | 5.3 | MEDIUM | |
| vendor_oracle | | 4.9 | HIGH | |
| vendor_debian | | 4.8 | LOW | |
| vendor_redhat | | 4.8 | MEDIUM | |