CVE-2025-8176

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-8176

Severity

7.8

High

CVSS V3

Description

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

References

https://images.chainguard.dev/security/CGA-m62h-crcv-2677
https://github.com/advisories/GHSA-gvgc-3ch5-px8p
https://gitlab.com/libtiff/libtiff/-/issues/707
https://vuldb.com/?ctiid.317590
https://vuldb.com/?id.317590
https://vuldb.com/?submit.621796
https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172
https://gitlab.com/libtiff/libtiff/-/merge_requests/727
http://www.libtiff.org/
https://security-tracker.debian.org/tracker/CVE-2025-8176

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-8176

Severity

Description

References

Affected packages

Product

Solutions

Customers

Resources

Company