CVE-2025-8961

LOW

libtiff 4.7.0 - Memory Corruption in tiffcrop

Title source: llm

Description

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.319955

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.319955

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.627957

Exploit, Issue Tracking, Vendor Advisory issue-tracking

https://gitlab.com/libtiff/libtiff/-/issues/721

Exploit, Issue Tracking, Vendor Advisory issue-tracking

https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960

Exploit exploit

https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing

Product product

http://www.libtiff.org/

Scores

CVSS v3 3.3

EPSS 0.0006

EPSS Percentile 17.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-119

Status published

Products (1)

libtiff/libtiff 4.7.0

Published Aug 14, 2025

Tracked Since Feb 18, 2026