QwikSec

Security Database

CVE

CWE

Training

CVE-2025-8177

Published: Jul 26, 2025

Modified: Jul 28, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

Vendor	Product	Versions
n/a	LibTIFF	affected `4.0` affected `4.1` affected `4.2` affected `4.3` affected `4.4` +3 more versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-317591 | LibTIFF thumbnail.c setrow buffer overflow

vdb-entry

technical-description

VDB-317591 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #621797 | LibTIFF v4.7.0 Buffer Overflow

third-party-advisory

https://gitlab.com/libtiff/libtiff/-/issues/715

issue-tracking

https://gitlab.com/libtiff/libtiff/-/merge_requests/737

patch

https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22

patch

http://www.libtiff.org/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.