Medium severity5.3NVD Advisory· Published Jul 26, 2025· Updated Apr 29, 2026
CVE-2025-8176
CVE-2025-8176
Description
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
48- osv-coords46 versionspkg:apk/chainguard/tiffpkg:apk/chainguard/tiff-devpkg:apk/chainguard/tiff-docpkg:apk/wolfi/tiffpkg:apk/wolfi/tiff-devpkg:apk/wolfi/tiff-docpkg:rpm/almalinux/libtiffpkg:rpm/almalinux/libtiff-develpkg:rpm/almalinux/libtiff-toolspkg:rpm/almalinux/mingw32-libtiffpkg:rpm/almalinux/mingw32-libtiff-staticpkg:rpm/almalinux/mingw64-libtiffpkg:rpm/almalinux/mingw64-libtiff-staticpkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/tiff-man&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/tiff&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/tiff&distro=SUSE%20Manager%20Proxy%20LTS%204.3pkg:rpm/suse/tiff&distro=SUSE%20Manager%20Server%20LTS%204.3
< 4.7.0-r6+ 45 more
- (no CPE)range: < 4.7.0-r6
- (no CPE)range: < 4.7.0-r6
- (no CPE)range: < 4.7.0-r6
- (no CPE)range: < 4.7.0-r6
- (no CPE)range: < 4.7.0-r6
- (no CPE)range: < 4.7.0-r6
- (no CPE)range: < 4.4.0-13.el9_6.2
- (no CPE)range: < 4.4.0-13.el9_6.2
- (no CPE)range: < 4.4.0-13.el9_6.2
- (no CPE)range: < 4.0.9-3.el8_10
- (no CPE)range: < 4.0.9-3.el8_10
- (no CPE)range: < 4.0.9-3.el8_10
- (no CPE)range: < 4.0.9-3.el8_10
- (no CPE)range: < 4.7.0-150600.3.13.1
- (no CPE)range: < 4.7.1-160000.1.1
- (no CPE)range: < 4.7.0-7.1
- (no CPE)range: < 4.7.1-160000.1.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.7.0-150600.3.13.1
- (no CPE)range: < 4.7.0-150600.3.13.1
- (no CPE)range: < 4.7.0-150600.3.13.1
- (no CPE)range: < 4.7.0-150600.3.13.1
- (no CPE)range: < 4.0.9-44.89.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.7.1-160000.1.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.7.1-160000.1.1
- (no CPE)range: < 4.0.9-44.89.1
- (no CPE)range: < 4.7.1-1.1
- (no CPE)range: < 4.7.1-slfo.1.1_1.1
- (no CPE)range: < 4.7.1-160000.1.1
- (no CPE)range: < 4.0.9-150000.45.50.1
- (no CPE)range: < 4.0.9-150000.45.50.1
Patches
Vulnerability mechanics
References
7- gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172nvdPatch
- gitlab.com/libtiff/libtiff/-/issues/707nvdExploitIssue TrackingVendor Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- www.libtiff.orgnvdProduct
- gitlab.com/libtiff/libtiff/-/merge_requests/727nvdProduct
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.