ByteOS Network

NVD Vulnerability Details :

CVE-2025-9165

Modified

Source-cna@vuldb.com

Published At-19 Aug, 2025 | 20:15

Updated At-01 Oct, 2025 | 16:15

A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In the reply the project maintainer declares this issue as "a simple 'bug' when leaving the command line tool and (...) not a security issue at all".

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.0	LOW	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	2.5	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary	2.0	1.0	LOW	AV:L/AC:H/Au:S/C:N/I:N/A:P

Type: Secondary

Version: 4.0

Base score: 2.0

Base severity: LOW

Vector:

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 2.5

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Type: Secondary

Version: 2.0

Base score: 1.0

Base severity: LOW

Vector:

AV:L/AC:H/Au:S/C:N/I:N/A:P

CPE Matches

LibTIFF

>>libtiff>>4.7.0

cpe:2.3:a:libtiff:libtiff:4.7.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-401	Secondary	cna@vuldb.com
CWE-404	Secondary	cna@vuldb.com

CWE ID: CWE-401

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-404

Type: Secondary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
http://www.libtiff.org/	cna@vuldb.com	Product
https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing	cna@vuldb.com	Exploit
https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0	cna@vuldb.com	Patch
https://gitlab.com/libtiff/libtiff/-/issues/728	cna@vuldb.com	Exploit Issue Tracking Vendor Advisory
https://gitlab.com/libtiff/libtiff/-/merge_requests/747	cna@vuldb.com	Issue Tracking Patch Vendor Advisory
https://vuldb.com/?ctiid.320543	cna@vuldb.com	Permissions Required VDB Entry
https://vuldb.com/?id.320543	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.630506	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.630507	cna@vuldb.com	Third Party Advisory VDB Entry
https://gitlab.com/libtiff/libtiff/-/issues/728#note_2709263214	af854a3a-2127-422b-91ae-364da2661108	Exploit Issue Tracking Vendor Advisory