CVE-2025-8961
Description
A weakness has been identified in LibTIFF 4.7.0. It affects the function main of the file tiffcrop.c in the tiffcrop component. Manipulation of the input can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in LibTIFF 4.7.0's tiffcrop utility causes a segmentation fault when processing a malformed TIFF image locally, with public exploit code available.
The vulnerability resides in the main function of tiffcrop.c in LibTIFF 4.7.0. The root cause is an invalid memory access during deallocation, where a corrupted pointer is passed to free, leading to a segmentation fault [1][2]. This occurs when the utility processes a crafted TIFF image with unsupported parameters, such as an invalid bit depth of 84, triggering the error handling and subsequent memory corruption [2].
The attack vector is strictly local; an attacker must deliver a malicious TIFF file to the tiffcrop tool. No special privileges are required beyond access to the file system. The exploit code has been made publicly available, increasing the likelihood of targeted denial-of-service attacks [1].
The immediate impact is a program crash, resulting in denial of service. While the official description mentions memory corruption, the referenced analysis only confirms a segmentation fault without evidence of code execution [1]. The CVSS score of 3.3 reflects the low severity due to local attack scope and limited impact.
The vulnerability affects LibTIFF 4.7.0. The latest stable release is v4.7.1 [3], but it is unclear whether it includes a fix. Users are advised to upgrade or avoid processing untrusted TIFF images with tiffcrop until a patched version is confirmed.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view (NVD tags: Exploit)
- gitlab.com/libtiff/libtiff/-/issues/721 (NVD tags: Exploit, Issue Tracking, Vendor Advisory)
- vuldb.com (NVD tags: Third Party Advisory, VDB Entry)
- www.libtiff.org (NVD tags: Product)
- vuldb.com (NVD tags: Permissions Required, VDB Entry)
News mentions
No linked articles in our index yet.