2383608 – (CVE-2025-8177) CVE-2025-8177 libtiff: LibTIFF Buffer Overflow

Bug 2383608 (CVE-2025-8177) - CVE-2025-8177 libtiff: LibTIFF Buffer Overflow

Summary: CVE-2025-8177 libtiff: LibTIFF Buffer Overflow

Keywords:
Status:	NEW
Alias:	CVE-2025-8177
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2383826 2383828 2383829 2383830 2383831 2383827
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-26 05:01 UTC by OSIDB Bzimport
Modified:	2025-10-09 10:38 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-26 05:01:14 UTC

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

Note You need to log in before you can comment on or make changes to this bug.