CVE-2025-9165

Severity: Low (CVSS 4.0 base score 1.1) · EPSS 9.5%
Published Aug 19, 2025 (10 months ago) · Modified Jun 17, 2026 (1 week ago)

Description

A flaw has been found in LibTIFF 4.7.0. It affects the functions _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 in the file tools/tiffcmp.c of the tiffcmp component. Manipulation can lead to a memory leak. The attack is restricted to local execution and is characterized by high complexity; exploitability is rated as difficult. An exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The fix is commit ed141286a37f6e5ddafb5069347ff5d587e7a4e0, and applying that patch is the recommended remediation. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In reply, the project maintainer declares the issue "a simple 'bug' when leaving the command line tool and (...) not a security issue at all".

CVSS Details

Base Score: 1.1
Vector string: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: X (not defined)

Threat Intelligence

EPSS Exploit Probability: 9.5% (percentile)
Exploit & Patch Status: Public Exploit Known; Patch Available

Weaknesses 2

CWE-401
CWE-404

Affected Products 1

Vendor   Product   Version   Range
libtiff  libtiff   4.7.0     any

References 10

  • libtiff.org http://www.libtiff.org/
    Product
  • drive.google.com https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing
    Exploit
  • gitlab.com https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0
    Patch
  • gitlab.com https://gitlab.com/libtiff/libtiff/-/issues/728
    Exploit, Issue Tracking, Vendor Advisory
  • gitlab.com https://gitlab.com/libtiff/libtiff/-/issues/728#note_2709263214
    Exploit, Issue Tracking, Vendor Advisory
  • gitlab.com https://gitlab.com/libtiff/libtiff/-/merge_requests/747
    Issue Tracking, Patch, Vendor Advisory
  • vuldb.com https://vuldb.com/?ctiid.320543
    Permissions Required, VDB Entry
  • vuldb.com https://vuldb.com/?id.320543
    Third Party Advisory, VDB Entry
  • vuldb.com https://vuldb.com/?submit.630506
    Third Party Advisory, VDB Entry
  • vuldb.com https://vuldb.com/?submit.630507
    Third Party Advisory, VDB Entry

Remediation

  • gitlab.com https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0
    Patch
  • gitlab.com https://gitlab.com/libtiff/libtiff/-/merge_requests/747
    Issue Tracking, Patch, Vendor Advisory