CVE-2025-8851 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow CWE-805 — Buffer Access with Incorrect Length Value9 documents8 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 94.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff

Timeline

PublishedAug 11

Latest updateAug 20

Description

A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDlibtiff/libtiff4.5.1

▶CVEListV5libtiff/libtiff4.5.0, 4.5.1+1

Patches

Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

tiff vulnerabilities↗2025-08-20

▶

GHSA

GHSA-mcqf-6qjh-v78v: A vulnerability was determined in LibTIFF up to 4↗2025-08-11

▶

OSV

CVE-2025-8851: A vulnerability was determined in LibTIFF up to 4↗2025-08-11

▶

CVEList

LibTIFF tiffcrop tiffcrop.c readSeparateStripsetoBuffer stack-based overflow↗2025-08-11

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2025-08-20

▶

Microsoft

LibTIFF tiffcrop tiffcrop.c readSeparateStripsetoBuffer stack-based overflow↗2025-08-12

▶

Red Hat

libtiff: LibTIFF Stack-based buffer overflow↗2025-08-11

▶

Debian

CVE-2025-8851: tiff - A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is...↗2025

▶