CVE-2025-8534Improper Resource Shutdown or Release in Libtiff

CWE-404Improper Resource Shutdown or ReleaseCWE-476NULL Pointer Dereference9 documents8 sources
Severity
2.0LOWNVD
OSV4.8
EPSS
0.0%
top 89.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libtiff
Timeline
PublishedAug 5
Latest updateAug 20

Description

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5libtiff/libtiff4.6.0
NVDlibtiff/libtiff4.6.0

Patches

Patch: gitlab.com

🔴Vulnerability Details

4
OSV
tiff vulnerabilities2025-08-20
GHSA
GHSA-xgh3-993q-r2x8: A vulnerability classified as problematic was found in libtiff 42025-08-05
OSV
CVE-2025-8534: A vulnerability classified as problematic was found in libtiff 42025-08-05
CVEList
libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference2025-08-04

📋Vendor Advisories

4
Ubuntu
LibTIFF vulnerabilities2025-08-20
Microsoft
libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference2025-08-12
Red Hat
libtiff: Libtiff Null Pointer Dereference Vulnerability2025-08-04
Debian
CVE-2025-8534: tiff - A vulnerability classified as problematic was found in libtiff 4.6.0. This vulne...2025