CNNVD-202508-2193 Information
CNNVD ID
CNNVD-202508-2193
Related CVE
- CNNVD Published: 2025-08-19
Description (Chinese)
LibTIFF是LibTIFF开源的一个读写TIFF(标签图像文件格式)文件的库。该库包含一些处理TIFF文件的命令行工具。 LibTIFF 4.7.0版本存在安全漏洞,该漏洞源于组件tiffcmp中文件tiffcmp.c存在内存泄漏。
Description (English)
LibTIFF is a library of reading and writing TIFF files from the LibTIFF open source. The library contains a number of command line tools to process TIFF files. Version 4.7.0 of LibTIFF has a security loophole, which stems from the memory leak of the document tiffcmp.c in component tiffcmp.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
LibTIFF
Published
2025-08-19
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.320543 https://gitlab.com/libtiff/libtiff/-/issues/728 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0 https://vuldb.com/?submit.630506 https://vuldb.com/?submit.630507 https://gitlab.com/libtiff/libtiff/-/issues/728#note_2709263214 https://gitlab.com/libtiff/libtiff/-/merge_requests/747 https://vuldb.com/?id.320543 https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing https://nvd.nist.gov/vuln/detail/CVE-2025-9165 https://vigilance.fr/vulnerability/LibTIFF-memory-leak-via-tiffcmp-tools-tiffcmp-c-48031 https://access.redhat.com/security/cve/cve-2025-9165
Patch
https://libtiff.gitlab.io/libtiff/
Share on: