{"api_version":"1","generated_at":"2026-05-12T23:15:51+00:00","cve":"CVE-2025-8961","urls":{"html":"https://cve.report/CVE-2025-8961","api":"https://cve.report/api/cve/CVE-2025-8961.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-8961","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-8961"},"summary":{"title":"LibTIFF tiffcrop tiffcrop.c main memory corruption","description":"A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.","state":"PUBLISHED","assigner":"VulDB","published_at":"2025-08-14 13:15:38","updated_at":"2026-04-29 01:00:01"},"problem_types":["CWE-119","CWE-119 Memory Corruption"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"1.9","severity":"LOW","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"4.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P","data":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","data":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"3.3","severity":"LOW","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","data":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"1.7","severity":"","vector":"AV:L/AC:L/Au:S/C:N/I:N/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"1.7","severity":"","vector":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR","data":{"baseScore":1.7,"vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing","name":"https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing","refsource":"cna@vuldb.com","tags":["Exploit"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960","name":"https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960","refsource":"cna@vuldb.com","tags":["Exploit","Issue Tracking","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.libtiff.org/","name":"http://www.libtiff.org/","refsource":"cna@vuldb.com","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?id.319955","name":"https://vuldb.com/?id.319955","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.com/libtiff/libtiff/-/issues/721","name":"https://gitlab.com/libtiff/libtiff/-/issues/721","refsource":"cna@vuldb.com","tags":["Exploit","Issue Tracking","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?ctiid.319955","name":"https://vuldb.com/?ctiid.319955","refsource":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?submit.627957","name":"https://vuldb.com/?submit.627957","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-8961","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8961","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"LibTIFF","version":"affected 4.7.0","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-08-13T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2025-08-13T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2025-08-23T17:15:59.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"ucas-xd (VulDB User)","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"8961","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libtiff","cpe5":"libtiff","cpe6":"4.7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-8961","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-08-14T13:20:40.733180Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-08-14T13:22:21.582Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"modules":["tiffcrop"],"product":"LibTIFF","vendor":"n/a","versions":[{"status":"affected","version":"4.7.0"}]}],"credits":[{"lang":"en","type":"reporter","value":"ucas-xd (VulDB User)"}],"descriptions":[{"lang":"en","value":"A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited."},{"lang":"de","value":"In LibTIFF 4.7.0 ist eine Schwachstelle entdeckt worden. Davon betroffen ist die Funktion main der Datei tiffcrop.c der Komponente tiffcrop. Die Bearbeitung verursacht memory corruption. Der Angriff muss lokal durchgeführt werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":1.7,"vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-119","description":"Memory Corruption","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-08-23T15:11:07.640Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-319955 | LibTIFF tiffcrop tiffcrop.c main memory corruption","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/?id.319955"},{"name":"VDB-319955 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/?ctiid.319955"},{"name":"Submit #627957 | libtiff tiffcrop 4.7.0 (the newest master) Segmentation Fault","tags":["third-party-advisory"],"url":"https://vuldb.com/?submit.627957"},{"tags":["issue-tracking"],"url":"https://gitlab.com/libtiff/libtiff/-/issues/721"},{"tags":["issue-tracking"],"url":"https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960"},{"tags":["exploit"],"url":"https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing"},{"tags":["product"],"url":"http://www.libtiff.org/"}],"timeline":[{"lang":"en","time":"2025-08-13T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2025-08-13T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2025-08-23T17:15:59.000Z","value":"VulDB entry last update"}],"title":"LibTIFF tiffcrop tiffcrop.c main memory corruption"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2025-8961","datePublished":"2025-08-14T12:02:08.516Z","dateReserved":"2025-08-13T16:01:06.782Z","dateUpdated":"2025-08-23T15:11:07.640Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2025-08-14 13:15:38","lastModifiedDate":"2026-04-29 01:00:01","problem_types":["CWE-119","CWE-119 Memory Corruption"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"CC18E9C8-BF8F-412F-88EE-010FDA542285"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"8961","Ordinal":"1","Title":"LibTIFF tiffcrop tiffcrop.c main memory corruption","CVE":"CVE-2025-8961","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"8961","Ordinal":"1","NoteData":"A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.","Type":"Description","Title":"LibTIFF tiffcrop tiffcrop.c main memory corruption"}]}}}