UBUNTU-CVE-2025-8176
- Source
- https://ubuntu.com/security/CVE-2025-8176
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-8176.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-8176
- Upstream
- Downstream
- Related
- Published
- 2025-07-26T04:16:00Z
- Modified
- 2025-08-21T04:53:14Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.3-7ubuntu0.11+esm15?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.3-7ubuntu0.11+esm15
Affected versions
4.*
4.0.2-4ubuntu3
4.0.3-5ubuntu1
4.0.3-6
4.0.3-6ubuntu1
4.0.3-7
4.0.3-7ubuntu0.1
4.0.3-7ubuntu0.2
4.0.3-7ubuntu0.3
4.0.3-7ubuntu0.4
4.0.3-7ubuntu0.6
4.0.3-7ubuntu0.7
4.0.3-7ubuntu0.8
4.0.3-7ubuntu0.9
4.0.3-7ubuntu0.10
4.0.3-7ubuntu0.11
4.0.3-7ubuntu0.11+esm1
4.0.3-7ubuntu0.11+esm2
4.0.3-7ubuntu0.11+esm3
4.0.3-7ubuntu0.11+esm4
4.0.3-7ubuntu0.11+esm5
4.0.3-7ubuntu0.11+esm6
4.0.3-7ubuntu0.11+esm7
4.0.3-7ubuntu0.11+esm8
4.0.3-7ubuntu0.11+esm9
4.0.3-7ubuntu0.11+esm10
4.0.3-7ubuntu0.11+esm11
4.0.3-7ubuntu0.11+esm12
4.0.3-7ubuntu0.11+esm13
4.0.3-7ubuntu0.11+esm14
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtiff-doc",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff-opengl",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff-opengl-dbgsym",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff-tools-dbgsym",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff4-dev",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff5",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff5-alt-dev",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff5-dbgsym",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiff5-dev",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
},
{
"binary_name": "libtiffxx5-dbgsym",
"binary_version": "4.0.3-7ubuntu0.11+esm15"
}
],
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"priority_reason": "Only a crash in a command-line tool"
}
Ubuntu:Pro:16.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.6-1ubuntu0.8+esm18?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.6-1ubuntu0.8+esm18
Affected versions
4.*
4.0.3-12.3ubuntu2
4.0.5-1
4.0.6-1
4.0.6-1ubuntu0.1
4.0.6-1ubuntu0.2
4.0.6-1ubuntu0.3
4.0.6-1ubuntu0.4
4.0.6-1ubuntu0.5
4.0.6-1ubuntu0.6
4.0.6-1ubuntu0.7
4.0.6-1ubuntu0.8
4.0.6-1ubuntu0.8+esm1
4.0.6-1ubuntu0.8+esm2
4.0.6-1ubuntu0.8+esm3
4.0.6-1ubuntu0.8+esm4
4.0.6-1ubuntu0.8+esm6
4.0.6-1ubuntu0.8+esm7
4.0.6-1ubuntu0.8+esm8
4.0.6-1ubuntu0.8+esm9
4.0.6-1ubuntu0.8+esm10
4.0.6-1ubuntu0.8+esm11
4.0.6-1ubuntu0.8+esm12
4.0.6-1ubuntu0.8+esm13
4.0.6-1ubuntu0.8+esm14
4.0.6-1ubuntu0.8+esm15
4.0.6-1ubuntu0.8+esm16
4.0.6-1ubuntu0.8+esm17
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtiff-doc",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiff-opengl",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiff-opengl-dbgsym",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiff-tools-dbgsym",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiff5",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiff5-dbgsym",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiff5-dev",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
},
{
"binary_name": "libtiffxx5-dbgsym",
"binary_version": "4.0.6-1ubuntu0.8+esm18"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "Only a crash in a command-line tool"
}
Ubuntu:Pro:18.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.9-5ubuntu0.10+esm8?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.9-5ubuntu0.10+esm8
Affected versions
4.*
4.0.8-5
4.0.8-6
4.0.9-1
4.0.9-2
4.0.9-3
4.0.9-4
4.0.9-4ubuntu1
4.0.9-5
4.0.9-5ubuntu0.1
4.0.9-5ubuntu0.2
4.0.9-5ubuntu0.3
4.0.9-5ubuntu0.4
4.0.9-5ubuntu0.5
4.0.9-5ubuntu0.6
4.0.9-5ubuntu0.7
4.0.9-5ubuntu0.8
4.0.9-5ubuntu0.9
4.0.9-5ubuntu0.10
4.0.9-5ubuntu0.10+esm1
4.0.9-5ubuntu0.10+esm2
4.0.9-5ubuntu0.10+esm3
4.0.9-5ubuntu0.10+esm4
4.0.9-5ubuntu0.10+esm5
4.0.9-5ubuntu0.10+esm6
4.0.9-5ubuntu0.10+esm7
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtiff-dev",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiff-doc",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiff-opengl",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiff-opengl-dbgsym",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiff-tools-dbgsym",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiff5",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiff5-dbgsym",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiff5-dev",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
},
{
"binary_name": "libtiffxx5-dbgsym",
"binary_version": "4.0.9-5ubuntu0.10+esm8"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "Only a crash in a command-line tool"
}
Ubuntu:Pro:20.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.1.0+git191117-2ubuntu0.20.04.14+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.0+git191117-2ubuntu0.20.04.14+esm1
Affected versions
4.*
4.0.10+git191003-1
4.1.0+git191117-1
4.1.0+git191117-2
4.1.0+git191117-2build1
4.1.0+git191117-2ubuntu0.20.04.1
4.1.0+git191117-2ubuntu0.20.04.2
4.1.0+git191117-2ubuntu0.20.04.3
4.1.0+git191117-2ubuntu0.20.04.4
4.1.0+git191117-2ubuntu0.20.04.5
4.1.0+git191117-2ubuntu0.20.04.6
4.1.0+git191117-2ubuntu0.20.04.7
4.1.0+git191117-2ubuntu0.20.04.8
4.1.0+git191117-2ubuntu0.20.04.9
4.1.0+git191117-2ubuntu0.20.04.10
4.1.0+git191117-2ubuntu0.20.04.11
4.1.0+git191117-2ubuntu0.20.04.12
4.1.0+git191117-2ubuntu0.20.04.13
4.1.0+git191117-2ubuntu0.20.04.14
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtiff-dev",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiff-doc",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiff-opengl",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiff-opengl-dbgsym",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiff-tools-dbgsym",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiff5",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiff5-dbgsym",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiff5-dev",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
},
{
"binary_name": "libtiffxx5-dbgsym",
"binary_version": "4.1.0+git191117-2ubuntu0.20.04.14+esm1"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "Only a crash in a command-line tool"
}
Ubuntu:22.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.3.0-6ubuntu0.11?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.0-6ubuntu0.11
Affected versions
4.*
4.3.0-1
4.3.0-2
4.3.0-3
4.3.0-3build1
4.3.0-4
4.3.0-5
4.3.0-6
4.3.0-6ubuntu0.1
4.3.0-6ubuntu0.2
4.3.0-6ubuntu0.3
4.3.0-6ubuntu0.4
4.3.0-6ubuntu0.5
4.3.0-6ubuntu0.6
4.3.0-6ubuntu0.7
4.3.0-6ubuntu0.8
4.3.0-6ubuntu0.9
4.3.0-6ubuntu0.10
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtiff-dev",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiff-doc",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiff-opengl",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiff-opengl-dbgsym",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiff-tools-dbgsym",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiff5",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiff5-dbgsym",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiff5-dev",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.3.0-6ubuntu0.11"
},
{
"binary_name": "libtiffxx5-dbgsym",
"binary_version": "4.3.0-6ubuntu0.11"
}
],
"availability": "No subscription required",
"priority_reason": "Only a crash in a command-line tool"
}
Ubuntu:24.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.5.1+git230720-4ubuntu2.3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.5.1+git230720-4ubuntu2.3
Affected versions
4.*
4.5.1+git230720-1ubuntu1
4.5.1+git230720-3ubuntu1
4.5.1+git230720-4ubuntu1
4.5.1+git230720-4ubuntu2
4.5.1+git230720-4ubuntu2.1
4.5.1+git230720-4ubuntu2.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtiff-dev",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiff-doc",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiff-opengl",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiff-opengl-dbgsym",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiff-tools-dbgsym",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiff5-dev",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiff6",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiff6-dbgsym",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiffxx6",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
},
{
"binary_name": "libtiffxx6-dbgsym",
"binary_version": "4.5.1+git230720-4ubuntu2.3"
}
],
"availability": "No subscription required",
"priority_reason": "Only a crash in a command-line tool"
}
Ubuntu:25.04 / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.5.1+git230720-4ubuntu4.1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.5.1+git230720-4ubuntu4.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtiff-dev",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiff-doc",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiff-opengl",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiff-opengl-dbgsym",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiff-tools-dbgsym",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiff5-dev",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiff6",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiff6-dbgsym",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiffxx6",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
},
{
"binary_name": "libtiffxx6-dbgsym",
"binary_version": "4.5.1+git230720-4ubuntu4.1"
}
],
"availability": "No subscription required",
"priority_reason": "Only a crash in a command-line tool"
}