CVE-2025-8177 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow CWE-74 — Injection10 documents8 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 93.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff

Timeline

PublishedJul 26

Latest updateAug 20

Description

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDlibtiff/libtiff4.7.0

▶CVEListV5libtiff/libtiff8 versions+7

Patches

Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

tiff vulnerabilities↗2025-08-20

▶

OSV

CVE-2025-8177: A vulnerability was found in LibTIFF up to 4↗2025-07-26

▶

CVEList

LibTIFF thumbnail.c setrow buffer overflow↗2025-07-26

▶

GHSA

GHSA-w743-578r-x56m: A vulnerability was found in LibTIFF up to 4↗2025-07-26

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2025-08-20

▶

Red Hat

libtiff: LibTIFF Buffer Overflow↗2025-07-26

▶

Microsoft

LibTIFF thumbnail.c setrow buffer overflow↗2025-07-08

▶

Debian

CVE-2025-8177: tiff - A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical....↗2025

▶

Microsoft

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.↗2020-12-08

▶