CVE-2025-8534

LOW EPSS 7.1%
Published Aug 5, 202510mo ago · Modified Jun 17, 20261w ago
1.1 CVSS 4.0
Low
Find Similar
Published Aug 5, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

CVSS Details

Base Score
1.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
7.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-404
CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 1

VendorProductVersionRange
libtifflibtiff4.6.0any

References 8

  • libtiff.org http://www.libtiff.org/
    Product
  • drive.google.com https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link
    Exploit
  • gitlab.com https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b
    Patch
  • gitlab.com https://gitlab.com/libtiff/libtiff/-/issues/718
    ExploitIssue TrackingVendor Advisory
  • gitlab.com https://gitlab.com/libtiff/libtiff/-/merge_requests/746
    Product
  • vuldb.com https://vuldb.com/?ctiid.318664
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.318664
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.617831
    Third Party AdvisoryVDB Entry

Remediation

  • gitlab.com https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b
    Patch