CNNVD-202508-884 Information
CNNVD ID
CNNVD-202508-884
Related CVE
- CNNVD Published: 2025-08-11
Description (Chinese)
LibTIFF是LibTIFF开源的一个读写TIFF(标签图像文件格式)文件的库。该库包含一些处理TIFF文件的命令行工具。 LibTIFF 4.5.1及之前版本存在安全漏洞,该漏洞源于文件tools/tiffcrop.c中函数readSeparateStripsetoBuffer存在栈缓冲区溢出。
Description (English)
LibTIFF is a library of reading and writing TIFF files from the LibTIFF open source. The library contains a number of command line tools to process TIFF files. LibTIFF 4.5.1 and previous versions contain a security loophole, which stems from the spilling out of the silo buffer zone of the function ReadSeparateStripsetoBuffer in document Tools/tiffcorp.c.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LibTIFF
Published
2025-08-11
Last Modified
2026-02-24
References
http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3 https://vuldb.com/?ctiid.319382 https://vuldb.com/?id.319382 https://vuldb.com/?submit.624604 https://access.redhat.com/security/cve/cve-2025-8851
Patch
https://gitlab.com/libtiff/libtiff/-/releases
Share on: