LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak_CVE-2025-9165

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue.

Basic Information

ID CVE-2025-9165

Source VulDB

Published Aug 19, 2025 at 20:02

Modified Aug 19, 2025 at 20:31

Affected Product

Vendor n/a

Product LibTIFF

Version 4.7.0

Affected Versions n/a LibTIFF 4.7.0

CWE Classification

CWE-401 CWE-404

References

{
    "lastseen": "",
    "description": "A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue.",
    "published": "2025-08-19T20:02:13.694Z",
    "modified": "2025-08-19T20:31:44.305Z",
    "type": "cve",
    "title": "LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320543\nhttps://vuldb.com/?ctiid.320543\nhttps://vuldb.com/?submit.630506\nhttps://vuldb.com/?submit.630507\nhttps://gitlab.com/libtiff/libtiff/-/issues/728\nhttps://gitlab.com/libtiff/libtiff/-/merge_requests/747\nhttps://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing\nhttps://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0\nhttp://www.libtiff.org/",
    "id": "CVE-2025-9165",
    "bulletinFamily": "",
    "cwe": [
        "CWE-401",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "n/a LibTIFF 4.7.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LibTIFF",
    "version": "4.7.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}