Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-8176

Good to know:

icon

Date: July 25, 2025

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

Severity Score

Related Resources (10)

https://vuldb.com/?id.317590
https://gitlab.com/libtiff/libtiff/-/issues/707
https://vuldb.com/?ctiid.317590
https://security-tracker.debian.org/tracker/CVE-2025-8176
https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172
https://nvd.nist.gov/vuln/detail/CVE-2025-8176
http://www.libtiff.org/
https://gitlab.com/libtiff/libtiff/-/merge_requests/727
https://vuldb.com/?submit.621796
https://www.mend.io/vulnerability-database/CVE-2025-8176

Severity Score

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Use After Free

CWE-416

Top Fix

icon

Upgrade Version

Upgrade to version https://gitlab.com/libtiff/libtiff.git - no_fix

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us