{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8961", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-13T16:01:06.782Z", "datePublished": "2025-08-14T12:02:08.516Z", "dateUpdated": "2025-08-14T13:22:21.582Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-14T12:02:08.516Z"}, "title": "LibTIFF tiffcrop tiffcrop.c mai memory corruption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "LibTIFF", "versions": [{"version": "4.7.0", "status": "affected"}], "modules": ["tiffcrop"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Davon betroffen ist die Funktion May der Datei tiffcrop.c der Komponente tiffcrop. Durch das Beeinflussen mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-13T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-13T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-13T18:06:10.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ucas-xd (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.319955", "name": "VDB-319955 | LibTIFF tiffcrop tiffcrop.c mai memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319955", "name": "VDB-319955 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.627957", "name": "Submit #627957 | libtiff tiffcrop 4.7.0 (the newest master) Segmentation Fault", "tags": ["third-party-advisory"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/721", "tags": ["issue-tracking"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing", "tags": ["exploit"]}, {"url": "http://www.libtiff.org/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T13:20:40.733180Z", "id": "CVE-2025-8961", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T13:22:21.582Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-14T13:20:40.733180Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T13:22:17.511Z"}}], "cna": {"title": "LibTIFF tiffcrop tiffcrop.c mai memory corruption", "credits": [{"lang": "en", "type": "reporter", "value": "ucas-xd (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "modules": ["tiffcrop"], "product": "LibTIFF", "versions": [{"status": "affected", "version": "4.7.0"}]}], "timeline": [{"lang": "en", "time": "2025-08-13T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-13T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-13T18:06:10.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.319955", "name": "VDB-319955 | LibTIFF tiffcrop tiffcrop.c mai memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319955", "name": "VDB-319955 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.627957", "name": "Submit #627957 | libtiff tiffcrop 4.7.0 (the newest master) Segmentation Fault", "tags": ["third-party-advisory"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/721", "tags": ["issue-tracking"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing", "tags": ["exploit"]}, {"url": "http://www.libtiff.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Davon betroffen ist die Funktion May der Datei tiffcrop.c der Komponente tiffcrop. Durch das Beeinflussen mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-14T12:02:08.516Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8961", "state": "PUBLISHED", "dateUpdated": "2025-08-14T13:22:21.582Z", "dateReserved": "2025-08-13T16:01:06.782Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-14T12:02:08.516Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."}], "id": "CVE-2025-8961", "lastModified": "2025-08-15T13:13:07.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-14T13:15:38.037", "references": [{"source": "[email protected]", "url": "http://www.libtiff.org/"}, {"source": "[email protected]", "url": "https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing"}, {"source": "[email protected]", "url": "https://gitlab.com/libtiff/libtiff/-/issues/721"}, {"source": "[email protected]", "url": "https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.319955"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.319955"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.627957"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "libtiff: LibTIFF memory corruption", "id": "2388541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388541"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-119", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-8961", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-14T12:02:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-8961\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-8961\nhttp://www.libtiff.org/\nhttps://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing\nhttps://gitlab.com/libtiff/libtiff/-/issues/721\nhttps://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960\nhttps://vuldb.com/?ctiid.319955\nhttps://vuldb.com/?id.319955\nhttps://vuldb.com/?submit.627957"], "threat_severity": "Low"}