CVE-2025-61144

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-61144
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61144.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-61144
Downstream
Published
2026-02-23T19:22:56.643Z
Modified
2026-02-27T00:36:04.880551Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
09f53a86cf26dfd961925227e59e180db617f26d
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
88cf9dbb48f6e172629795ecffae35d5052f68aa

Affected versions

v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
v4.3.0rc1
v4.4.0
v4.4.0rc1
v4.5.0
v4.5.0rc1
v4.5.0rc2
v4.5.0rc3
v4.5.1
v4.5.1rc1
v4.5.1rc2
v4.5.1rc3
v4.6.0
v4.6.0rc1
v4.6.0rc2
v4.7.0
v4.7.0rc1
v4.7.0rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61144.json"
vanir_signatures 
[
    {
        "id": "CVE-2025-61144-33591842",
        "digest": {
            "length": 1428.0,
            "function_hash": "318869983481412143360048449175735469783"
        },
        "signature_type": "Function",
        "target": {
            "file": "tools/tiffcrop.c",
            "function": "combineSeparateSamplesBytes"
        },
        "signature_version": "v1",
        "source": "https://gitlab.com/libtiff/libtiff@88cf9dbb48f6e172629795ecffae35d5052f68aa",
        "deprecated": false
    },
    {
        "id": "CVE-2025-61144-7b85b89c",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "117356047833621627042809950517766742882",
                "202978539974110920556876707057550081832",
                "34177478431497042861122730405699085293",
                "258876020347354070825944466882961634476"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "tools/tiffcrop.c"
        },
        "signature_version": "v1",
        "source": "https://gitlab.com/libtiff/libtiff@88cf9dbb48f6e172629795ecffae35d5052f68aa",
        "deprecated": false
    }
]