CVE-2025-8177

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-8177
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8177.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8177
Downstream
Related
Published
2025-07-26T04:16:10.983Z
Modified
2026-04-02T13:05:55.649009Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9dff73bebc5661f2dace6f16e14cf9e857172f4e
Fixed
e8c9d6c616b19438695fd829e58ae4fde5bfbc22
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.7.0"
        }
    ]
}

Affected versions

v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v3.9.0
v3.9.0beta
v3.9.1
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
v4.3.0rc1
v4.4.0
v4.4.0rc1
v4.5.0
v4.5.0rc1
v4.5.0rc2
v4.5.0rc3
v4.5.1
v4.5.1rc1
v4.5.1rc2
v4.5.1rc3
v4.6.0
v4.6.0rc1
v4.6.0rc2
v4.7.0
v4.7.0rc1
v4.7.0rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8177.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "297780625197446333907723077312940831795",
                "270735107877385796218935091708520464452",
                "315055247066183815880568827534154164368",
                "329264990900716605034686252948964790648"
            ],
            "threshold": 0.9
        },
        "source": "https://gitlab.com/libtiff/libtiff@e8c9d6c616b19438695fd829e58ae4fde5bfbc22",
        "id": "CVE-2025-8177-8059c902",
        "target": {
            "file": "tools/thumbnail.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "11530096224261753264118971993864683479",
            "length": 1013.0
        },
        "source": "https://gitlab.com/libtiff/libtiff@e8c9d6c616b19438695fd829e58ae4fde5bfbc22",
        "id": "CVE-2025-8177-e319bec8",
        "target": {
            "file": "tools/thumbnail.c",
            "function": "setrow"
        }
    }
]