cve-2025-8961
Vulnerability from cvelistv5
Published
2025-08-14 12:02
Modified
2025-08-23 15:11
Severity ?
EPSS score ?
Summary
LibTIFF tiffcrop tiffcrop.c main memory corruption
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | http://www.libtiff.org/ | Product | |
| cna@vuldb.com | https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing | Exploit | |
| cna@vuldb.com | https://gitlab.com/libtiff/libtiff/-/issues/721 | Exploit, Issue Tracking, Vendor Advisory | |
| cna@vuldb.com | https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 | Issue Tracking, Exploit, Vendor Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319955 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319955 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.627957 | Third Party Advisory, VDB Entry |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8961",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T13:20:40.733180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T13:22:21.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"tiffcrop"
],
"product": "LibTIFF",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ucas-xd (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "In LibTIFF 4.7.0 ist eine Schwachstelle entdeckt worden. Davon betroffen ist die Funktion main der Datei tiffcrop.c der Komponente tiffcrop. Die Bearbeitung verursacht memory corruption. Der Angriff muss lokal durchgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T15:11:07.640Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319955 | LibTIFF tiffcrop tiffcrop.c main memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319955"
},
{
"name": "VDB-319955 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319955"
},
{
"name": "Submit #627957 | libtiff tiffcrop 4.7.0 (the newest master) Segmentation Fault",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.627957"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/libtiff/libtiff/-/issues/721"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing"
},
{
"tags": [
"product"
],
"url": "http://www.libtiff.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:15:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "LibTIFF tiffcrop tiffcrop.c main memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8961",
"datePublished": "2025-08-14T12:02:08.516Z",
"dateReserved": "2025-08-13T16:01:06.782Z",
"dateUpdated": "2025-08-23T15:11:07.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-8961\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-08-14T13:15:38.037\",\"lastModified\":\"2025-09-11T17:00:30.487\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.\"},{\"lang\":\"es\",\"value\":\"Se identific\u00f3 una vulnerabilidad en LibTIFF 4.7.0. Este problema afecta la funci\u00f3n May del archivo tiffcrop.c del componente tiffcrop. La manipulaci\u00f3n provoca corrupci\u00f3n de memoria. El ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":1.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.1,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libtiff:libtiff:4.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC18E9C8-BF8F-412F-88EE-010FDA542285\"}]}]}],\"references\":[{\"url\":\"http://www.libtiff.org/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Product\"]},{\"url\":\"https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://gitlab.com/libtiff/libtiff/-/issues/721\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Issue Tracking\",\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.319955\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.319955\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.627957\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.