SB2025080553 - Multiple vulnerabilities in LibTIFF
Published: August 5, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2025-8176)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the get_histogram() function in tools/tiffmedian.c. A remote attacker can pass a specially crafted image to the application and execute arbitrary code on the system.
2) NULL pointer dereference (CVE-ID: CVE-2024-13978)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the t2p_read_tiff_init() function in tools/tiff2pdf.c. A remote attacker can pass a specially crafted image to the application and perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2025-8534)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the PS_Lvl2page() function in tools/tiff2ps.c. A remote attacker can pass a specially crafted image to the application and perform a denial of service (DoS) attack.
4) Buffer overflow (CVE-ID: CVE-2025-8177)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the setrow() function in tools/thumbnail.c. A remote attacker can pass a specially crafted image to the application, trigger memory corruption and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172
- https://gitlab.com/libtiff/libtiff/-/issues/707
- https://gitlab.com/libtiff/libtiff/-/merge_requests/727
- https://vuldb.com/?ctiid.317590
- https://vuldb.com/?id.317590
- https://vuldb.com/?submit.621796
- https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4
- https://gitlab.com/libtiff/libtiff/-/issues/649
- https://gitlab.com/libtiff/libtiff/-/merge_requests/667
- https://vuldb.com/?ctiid.318355
- https://vuldb.com/?id.318355
- https://vuldb.com/?submit.624562
- https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link
- https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b
- https://gitlab.com/libtiff/libtiff/-/issues/718
- https://gitlab.com/libtiff/libtiff/-/merge_requests/746
- https://vuldb.com/?ctiid.318664
- https://vuldb.com/?id.318664
- https://vuldb.com/?submit.617831
- https://gitlab.com/libtiff/libtiff/-/issues/715
- https://gitlab.com/libtiff/libtiff/-/merge_requests/737
- https://vuldb.com/?ctiid.317591
- https://vuldb.com/?id.317591
- https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22
- https://vuldb.com/?submit.621797