CVE-2025-8961

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.libtiff.org/
https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing
https://gitlab.com/libtiff/libtiff/-/issues/721
https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960
https://vuldb.com/?ctiid.319955
https://vuldb.com/?id.319955
https://vuldb.com/?submit.627957

Configurations

No configuration.

History

23 Aug 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) Se identificó una vulnerabilidad en LibTIFF 4.7.0. Este problema afecta la función May del archivo tiffcrop.c del componente tiffcrop. La manipulación provoca corrupción de memoria. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado.
Summary	(en) A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.	(en) A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

14 Aug 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 13:15

Updated : 2025-08-23 16:15

NVD link : CVE-2025-8961

Mitre link : CVE-2025-8961

CVE.ORG link : CVE-2025-8961

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-8961

3.3^/10

1.7^/10

Attach tags to `CVE-2025-8961`