CVE-2025-8851

A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.libtiff.org/
https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3
https://vuldb.com/?ctiid.319382
https://vuldb.com/?id.319382
https://vuldb.com/?submit.624604
https://vuldb.com/?submit.624604

Configurations

No configuration.

History

12 Aug 2025, 14:15

Type	Values Removed	Values Added
Summary		(es) Se detectó una vulnerabilidad en LibTIFF hasta la versión 4.5.1. Este problema afecta a la función readSeparateStripsetoBuffer del archivo tools/tiffcrop.c del componente tiffcrop. Esta manipulación provoca un desbordamiento del búfer basado en la pila. Se requiere acceso local para abordar este ataque. El parche se identifica como 8a7a48d7a645992ca83062b3a1873c951661e2b3. Se recomienda aplicar un parche para solucionar este problema.
References	~~() https://vuldb.com/?submit.624604 -~~	() https://vuldb.com/?submit.624604 -

11 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-11 14:15

Updated : 2025-08-12 14:15

NVD link : CVE-2025-8851

Mitre link : CVE-2025-8851

CVE.ORG link : CVE-2025-8851

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-8851", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-11T14:15:27.597", "references": [{"url": "http://www.libtiff.org/", "source": "cna@vuldb.com"}, {"url": "https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.319382", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.319382", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.624604", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.624604", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en LibTIFF hasta la versi\u00f3n 4.5.1. Este problema afecta a la funci\u00f3n readSeparateStripsetoBuffer del archivo tools/tiffcrop.c del componente tiffcrop. Esta manipulaci\u00f3n provoca un desbordamiento del b\u00fafer basado en la pila. Se requiere acceso local para abordar este ataque. El parche se identifica como 8a7a48d7a645992ca83062b3a1873c951661e2b3. Se recomienda aplicar un parche para solucionar este problema."}], "lastModified": "2025-08-12T14:15:30.617", "sourceIdentifier": "cna@vuldb.com"}