CVE-2025-8851 | THREATINT

Description

A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.

Dies betrifft die Funktion readSeparateStripsetoBuffer der Datei tools/tiffcrop.c der Komponente tiffcrop. Durch Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Patch wird als 8a7a48d7a645992ca83062b3a1873c951661e2b3 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

Reserved 2025-08-10 | Published 2025-08-11 | Updated 2025-08-11 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

Problem types

Stack-based Buffer Overflow

Memory Corruption

Timeline

2025-08-10:	Advisory disclosed
2025-08-10:	VulDB entry created
2025-08-10:	VulDB entry last update

Credits

arthurx (VulDB User) reporter

References

vuldb.com/?id.319382 (VDB-319382 | LibTIFF tiffcrop tiffcrop.c readSeparateStripsetoBuffer stack-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.319382 (VDB-319382 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.624604 (Submit #624604 | LibTIFF v4.5.1 Buffer Overflow) third-party-advisory

gitlab.com/...ommit/8a7a48d7a645992ca83062b3a1873c951661e2b3 patch

www.libtiff.org/ product

cve.org (CVE-2025-8851)

nvd.nist.gov (CVE-2025-8851)

Download JSON