CVE-2025-8176

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
http://www.libtiff.org/
https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172
https://gitlab.com/libtiff/libtiff/-/issues/707
https://gitlab.com/libtiff/libtiff/-/merge_requests/727
https://vuldb.com/?ctiid.317590
https://vuldb.com/?id.317590
https://vuldb.com/?submit.621796

Configurations

No configuration.

History

26 Jul 2025, 04:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-26 04:16

Updated : 2025-07-26 04:16

NVD link : CVE-2025-8176

Mitre link : CVE-2025-8176

JSON object : View

Products Affected

No product.

CWE

CWE-416

Use After Free

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.libtiff.org/", "name": "http://www.libtiff.org/", "tags": [], "refsource": ""}, {"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172", "name": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172", "tags": [], "refsource": ""}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/707", "name": "https://gitlab.com/libtiff/libtiff/-/issues/707", "tags": [], "refsource": ""}, {"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727", "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.317590", "name": "VDB-317590 | CTI Indicators (IOB, IOC, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.317590", "name": "VDB-317590 | LibTIFF tiffmedian.c get_histogram use after free", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.621796", "name": "Submit #621796 | LibTIFF v4.7.0 Use After Free", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-416"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-8176", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}}, "publishedDate": "2025-07-26T04:16Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-26T04:16Z"}