CNNVD-202508-279 Information

Aug 05, 2025 cve

CNNVD ID

CNNVD-202508-279

CVE-2025-8534

CNNVD Published: 2025-08-05

Description (Chinese)

LibTIFF是LibTIFF开源的一个读写TIFF（标签图像文件格式）文件的库。该库包含一些处理TIFF文件的命令行工具。 LibTIFF 4.6.0版本存在安全漏洞，该漏洞源于文件tools/tiff2ps.c中函数PS_Lvl2page存在空指针取消引用。

Description (English)

LibTIFF is a library of reading and writing TIFF files from the LibTIFF open source. The library contains a number of command line tools to process TIFF files. Version 4.6.0 of LibTIFF has a security loophole, which stems from the empty pointer unreferenced for PS Lvl2page in filetools/tiff2ps.c.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

LibTIFF

Published

2025-08-05

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.318664 https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b https://gitlab.com/libtiff/libtiff/-/issues/718 https://gitlab.com/libtiff/libtiff/-/merge_requests/746 https://vuldb.com/?id.318664 https://vuldb.com/?submit.617831 https://vigilance.fr/vulnerability/LibTIFF-NULL-pointer-dereference-via-PS-Lvl2page-48004

Patch

https://libtiff.gitlab.io/libtiff/

Share on: