2.5 CVE-2025-9165
Patch Exploit
A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In the reply the project maintainer declares this issue as "a simple 'bug' when leaving the command line tool and (...) not a security issue at all".
https://nvd.nist.gov/vuln/detail/CVE-2025-9165
Categories
CWE-401
References
af854a3a-2127-422b-91ae-364da2661108 Exploit
| https://gitlab.com/libtiff/libtiff/-/issues/728#note_2709263214 Exploit Issue Tracking Vendor Advisory |
cna@vuldb.com Patch Exploit
| http://www.libtiff.org/ Product |
| https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sh... Exploit |
| https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d58... Patch |
| https://gitlab.com/libtiff/libtiff/-/issues/728 Exploit Issue Tracking Vendor Advisory |
| https://gitlab.com/libtiff/libtiff/-/merge_requests/747 Issue Tracking Patch Vendor Advisory |
| https://vuldb.com/?ctiid.320543 Permissions Required VDB Entry |
| https://vuldb.com/?id.320543 Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.630506 Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.630507 Third Party Advisory VDB Entry |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:libtiff:libtiff:4.7.0:*:*:*:*:*:*:* | ||
REMEDIATION
Patch
| Url |
|---|
| https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d58... |
| https://gitlab.com/libtiff/libtiff/-/merge_requests/747 |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| https://gitlab.com/libtiff/libtiff/-/issues/728#note_2709263214 |
| https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sh... |
| https://gitlab.com/libtiff/libtiff/-/issues/728 |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
