{"api_version":"1","generated_at":"2026-05-12T23:15:53+00:00","cve":"CVE-2025-8176","urls":{"html":"https://cve.report/CVE-2025-8176","api":"https://cve.report/api/cve/CVE-2025-8176.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-8176","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-8176"},"summary":{"title":"LibTIFF tiffmedian.c get_histogram use after free","description":"A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.","state":"PUBLISHED","assigner":"VulDB","published_at":"2025-07-26 04:16:10","updated_at":"2026-04-29 01:00:01"},"problem_types":["CWE-119","CWE-416","CWE-416 Use After Free","CWE-119 Memory Corruption"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"1.9","severity":"LOW","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"4.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","data":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"4.3","severity":"","vector":"AV:L/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"4.3","severity":"","vector":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","data":{"baseScore":4.3,"vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","version":"2.0"}}],"references":[{"url":"https://vuldb.com/?submit.621796","name":"https://vuldb.com/?submit.621796","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/727","name":"https://gitlab.com/libtiff/libtiff/-/merge_requests/727","refsource":"cna@vuldb.com","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.libtiff.org/","name":"http://www.libtiff.org/","refsource":"cna@vuldb.com","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?ctiid.317590","name":"https://vuldb.com/?ctiid.317590","refsource":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172","name":"https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172","refsource":"cna@vuldb.com","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.com/libtiff/libtiff/-/issues/707","name":"https://gitlab.com/libtiff/libtiff/-/issues/707","refsource":"cna@vuldb.com","tags":["Exploit","Issue Tracking","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?id.317590","name":"https://vuldb.com/?id.317590","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-8176","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8176","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.0","platforms":[]},{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.1","platforms":[]},{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.2","platforms":[]},{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.3","platforms":[]},{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.4","platforms":[]},{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.5","platforms":[]},{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.6","platforms":[]},{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.7.0","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-07-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2025-07-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2025-07-25T10:16:30.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"arthurx (VulDB User)","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"8176","vulnerable":"1","versionEndIncluding":"4.7.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libtiff","cpe5":"libtiff","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-8176","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-07-28T14:28:44.553762Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-07-28T14:28:58.338Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"LibTIFF","vendor":"n/a","versions":[{"status":"affected","version":"4.0"},{"status":"affected","version":"4.1"},{"status":"affected","version":"4.2"},{"status":"affected","version":"4.3"},{"status":"affected","version":"4.4"},{"status":"affected","version":"4.5"},{"status":"affected","version":"4.6"},{"status":"affected","version":"4.7.0"}]}],"credits":[{"lang":"en","type":"reporter","value":"arthurx (VulDB User)"}],"descriptions":[{"lang":"en","value":"A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue."},{"lang":"de","value":"In LibTIFF bis 4.7.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um die Funktion get_histogram der Datei tools/tiffmedian.c. Durch das Beeinflussen mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als fe10872e53efba9cc36c66ac4ab3b41a839d5172 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen."}],"metrics":[{"cvssV4_0":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.1"}},{"cvssV3_0":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.0"}},{"cvssV2_0":{"baseScore":4.3,"vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"Use After Free","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-119","description":"Memory Corruption","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-07-26T03:32:08.851Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-317590 | LibTIFF tiffmedian.c get_histogram use after free","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/?id.317590"},{"name":"VDB-317590 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/?ctiid.317590"},{"name":"Submit #621796 | LibTIFF v4.7.0 Use After Free","tags":["third-party-advisory"],"url":"https://vuldb.com/?submit.621796"},{"tags":["exploit","issue-tracking"],"url":"https://gitlab.com/libtiff/libtiff/-/issues/707"},{"tags":["patch"],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/727"},{"tags":["patch"],"url":"https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"},{"tags":["product"],"url":"http://www.libtiff.org/"}],"timeline":[{"lang":"en","time":"2025-07-25T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2025-07-25T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2025-07-25T10:16:30.000Z","value":"VulDB entry last update"}],"title":"LibTIFF tiffmedian.c get_histogram use after free"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2025-8176","datePublished":"2025-07-26T03:32:08.851Z","dateReserved":"2025-07-25T08:11:17.633Z","dateUpdated":"2025-07-28T14:28:58.338Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2025-07-26 04:16:10","lastModifiedDate":"2026-04-29 01:00:01","problem_types":["CWE-119","CWE-416","CWE-416 Use After Free","CWE-119 Memory Corruption"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7.0","matchCriteriaId":"A1BCCE2B-687E-4E40-B318-41EB2DB40642"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"8176","Ordinal":"1","Title":"LibTIFF tiffmedian.c get_histogram use after free","CVE":"CVE-2025-8176","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"8176","Ordinal":"1","NoteData":"A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.","Type":"Description","Title":"LibTIFF tiffmedian.c get_histogram use after free"}]}}}