cbcvebase.
CVE-2025-8961
published 2025-08-14

CVE-2025-8961: A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can…

PriorityP412low3.3CVSS 3.1
AVLACLPRLUINSUCNINAL
EPSS
0.19%
8.4th percentile
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

Affected

11 ranges
VendorProductVersion rangeFixed in
debiantiff< tiff 4.7.0-5 (forky)tiff 4.7.0-5 (forky)
libtifflibtiff
msrcazl3_libtiff_4.6.0-10_on_azure_linux_3.0
msrcazl3_libtiff_4.6.0-11_on_azure_linux_3.0
msrcazl3_libtiff_4.6.0-7_on_azure_linux_3.0
msrcazl3_libtiff_4.6.0-8_on_azure_linux_3.0
msrccbl2_libtiff_4.6.0-10_on_cbl_mariner_2.0
msrccbl2_libtiff_4.6.0-11_on_cbl_mariner_2.0
msrccbl2_libtiff_4.6.0-6_on_cbl_mariner_2.0
msrccbl2_libtiff_4.6.0-8_on_cbl_mariner_2.0
msrccbl2_libtiff_4.6.0-9_on_cbl_mariner_2.0

CVSS provenance

nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
nvdv4.01.9LOWCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.01.7LOWAV:L/AC:L/Au:S/C:N/I:N/A:P
osv4.8MEDIUM
vendor_debian4.8LOW
vendor_redhat4.8MEDIUM
vendor_msrc3.3LOW
vendor_ubuntu3.3LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.