{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8177", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-07-25T08:11:24.760Z", "datePublished": "2025-07-26T04:02:07.897Z", "dateUpdated": "2025-07-28T18:34:44.737Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-07-26T04:02:07.897Z"}, "title": "LibTIFF thumbnail.c setrow buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "LibTIFF", "versions": [{"version": "4.0", "status": "affected"}, {"version": "4.1", "status": "affected"}, {"version": "4.2", "status": "affected"}, {"version": "4.3", "status": "affected"}, {"version": "4.4", "status": "affected"}, {"version": "4.5", "status": "affected"}, {"version": "4.6", "status": "affected"}, {"version": "4.7.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "Eine Schwachstelle wurde in LibTIFF bis 4.7.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion setrow der Datei tools/thumbnail.c. Durch Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Patch wird als e8c9d6c616b19438695fd829e58ae4fde5bfbc22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2025-07-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-07-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-07-25T10:16:32.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "arthurx (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.317591", "name": "VDB-317591 | LibTIFF thumbnail.c setrow buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.317591", "name": "VDB-317591 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.621797", "name": "Submit #621797 | LibTIFF v4.7.0 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/715", "tags": ["issue-tracking"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/737", "tags": ["patch"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22", "tags": ["patch"]}, {"url": "http://www.libtiff.org/", "tags": ["product"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/715", "tags": ["exploit"]}, {"url": "https://vuldb.com/?submit.621797", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T18:34:41.472306Z", "id": "CVE-2025-8177", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T18:34:44.737Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8177", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T18:34:41.472306Z"}}}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/715", "tags": ["exploit"]}, {"url": "https://vuldb.com/?submit.621797", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T18:34:33.231Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "LibTIFF thumbnail.c setrow buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "arthurx (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "product": "LibTIFF", "versions": [{"status": "affected", "version": "4.0"}, {"status": "affected", "version": "4.1"}, {"status": "affected", "version": "4.2"}, {"status": "affected", "version": "4.3"}, {"status": "affected", "version": "4.4"}, {"status": "affected", "version": "4.5"}, {"status": "affected", "version": "4.6"}, {"status": "affected", "version": "4.7.0"}]}], "timeline": [{"lang": "en", "time": "2025-07-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-07-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-07-25T10:16:32.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.317591", "name": "VDB-317591 | LibTIFF thumbnail.c setrow buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.317591", "name": "VDB-317591 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.621797", "name": "Submit #621797 | LibTIFF v4.7.0 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/issues/715", "tags": ["issue-tracking"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/737", "tags": ["patch"]}, {"url": "https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22", "tags": ["patch"]}, {"url": "http://www.libtiff.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "Eine Schwachstelle wurde in LibTIFF bis 4.7.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion setrow der Datei tools/thumbnail.c. Durch Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Patch wird als e8c9d6c616b19438695fd829e58ae4fde5bfbc22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-07-26T04:02:07.897Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8177", "state": "PUBLISHED", "dateUpdated": "2025-07-28T18:34:44.737Z", "dateReserved": "2025-07-25T08:11:24.760Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-07-26T04:02:07.897Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1BCCE2B-687E-4E40-B318-41EB2DB40642", "versionEndIncluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en LibTIFF hasta la versi\u00f3n 4.7.0. Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n setrow del archivo tools/thumbnail.c. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. Es necesario abordar un ataque localmente. El parche se llama e8c9d6c616b19438695fd829e58ae4fde5bfbc22. Se recomienda aplicar un parche para solucionar este problema. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante."}], "id": "CVE-2025-8177", "lastModified": "2025-09-11T16:57:45.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-07-26T04:16:10.983", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "http://www.libtiff.org/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/715"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/737"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.317591"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.317591"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.621797"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/715"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.621797"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "libtiff: LibTIFF Buffer Overflow", "id": "2383608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383608"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-120)", "details": ["A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.", "A flaw was found in libtiff. The `setrow` function in `file tools/thumbnail.c` contains a buffer overflow vulnerability triggered by manipulation of image data, which can allow a local attacker to cause a denial of service. This overflow occurs when processing a crafted file. The vulnerability stems from insufficient bounds checking during row data assignment."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-8177", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-26T04:02:07Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-8177\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-8177\nhttp://www.libtiff.org/\nhttps://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22\nhttps://gitlab.com/libtiff/libtiff/-/issues/715\nhttps://gitlab.com/libtiff/libtiff/-/merge_requests/737\nhttps://vuldb.com/?ctiid.317591\nhttps://vuldb.com/?id.317591\nhttps://vuldb.com/?submit.621797"], "threat_severity": "Moderate"}

{"created": "2025-07-28T12:45:52.370848+00:00", "updated": "2025-07-28T12:45:52.370928+00:00", "vendors": ["libtiff", "libtiff$PRODUCT$libtiff"]}