CVE-2025-8176Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-416Use After FreeCWE-825Expired Pointer DereferenceCWE-674Uncontrolled Recursion12 documents10 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 94.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libtiff
Timeline
PublishedJul 26
Latest updateAug 20

Description

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDlibtiff/libtiff4.7.0
CVEListV5libtiff/libtiff8 versions+7

Patches

Patch: gitlab.com

🔴Vulnerability Details

4
OSV
tiff vulnerabilities2025-08-20
CVEList
LibTIFF tiffmedian.c get_histogram use after free2025-07-26
GHSA
GHSA-gvgc-3ch5-px8p: A vulnerability was found in LibTIFF up to 42025-07-26
OSV
CVE-2025-8176: A vulnerability was found in LibTIFF up to 42025-07-26

📋Vendor Advisories

7
Ubuntu
LibTIFF vulnerabilities2025-08-20
Red Hat
libtiff: LibTIFF Use-After-Free Vulnerability2025-07-26
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (LibExpat) — CVE-2024-81762025-07-15
Microsoft
LibTIFF tiffmedian.c get_histogram use after free2025-07-08
BSD
OpenBSD 7.5 Errata 019: SECURITY FIX2025-03-18