CVE-2025-8961

NameCVE-2025-8961
DescriptionA weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1111317

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tiff (PTS)bullseye4.2.0-1+deb11u5vulnerable
bullseye (security)4.2.0-1+deb11u6vulnerable
bookworm4.5.0-6+deb12u2vulnerable
bookworm (security)4.5.0-6+deb12u1vulnerable
trixie4.7.0-3vulnerable
forky, sid4.7.0-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tiffsource(unstable)(unfixed)1111317

Notes

[trixie] - tiff <no-dsa> (Minor issue)
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <postponed> (Minor issue)
https://gitlab.com/libtiff/libtiff/-/issues/721

Search for package or bug name: Reporting problems