CVE-2025-8176

5.3 MEDIUM

📋 TL;DR

A critical use-after-free vulnerability in LibTIFF's tiffmedian tool allows local attackers to execute arbitrary code or cause denial of service. This affects systems running vulnerable versions of LibTIFF (up to 4.7.0) where the tiffmedian tool is accessible. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • LibTIFF
Versions: All versions up to and including 4.7.0
Operating Systems: Linux, Unix-like systems, Windows, macOS - any OS running vulnerable LibTIFF
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where the tiffmedian command-line tool is installed and accessible. Many distributions package LibTIFF without tiffmedian by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, arbitrary code execution as the user running tiffmedian, or complete system crash.

🟠 Likely Case

Application crash (denial of service) when processing malicious TIFF files with tiffmedian, potentially allowing limited code execution in the context of the running process.

🟢 If Mitigated

No impact if tiffmedian tool is not used or if proper access controls prevent local users from executing it.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to execute the tiffmedian tool.
🏢 Internal Only: MEDIUM - Internal users with access to run tiffmedian could exploit this, but requires local execution privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to run tiffmedian on a malicious TIFF file. The vulnerability is in the tiffmedian command-line tool, not in the library itself as used by other applications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit fe10872e53efba9cc36c66ac4ab3b41a839d5172

Vendor Advisory: https://gitlab.com/libtiff/libtiff/-/issues/707

Restart Required: No

Instructions:

1. Update LibTIFF to version 4.7.1 or later.
2. Apply patch fe10872e53efba9cc36c66ac4ab3b41a839d5172 if compiling from source.
3. For package managers: 'sudo apt update && sudo apt upgrade libtiff5' (Debian/Ubuntu) or 'sudo yum update libtiff' (RHEL/CentOS).

🔧 Temporary Workarounds

Remove tiffmedian binary

linux

Remove or restrict execute permissions on the tiffmedian tool if not needed

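# Option 1: remove the binary
sudo rm /usr/bin/tiffmedian
# Option 2 (instead of option 1): keep the binary but strip all permissions
sudo chmod 000 /usr/bin/tiffmedian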

Restrict user access

linux

Use SELinux/AppArmor or file permissions to restrict which users can execute tiffmedian

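# Owner and group may execute, everyone else gets no access
sudo chmod 750 /usr/bin/tiffmedian
# 'trustedgroup' stands for the group whose members are allowed to run the tool
sudo chown root:trustedgroup /usr/bin/tiffmedian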

🧯 If You Can't Patch

  • Remove execute permissions from tiffmedian binary or uninstall the tiffmedian package
  • Implement strict access controls to prevent unauthorized users from executing tiffmedian

🔍 How to Verify

Check if Vulnerable:

Check if tiffmedian exists and LibTIFF version: 'which tiffmedian && tiffmedian --version | head -1'

Check Version:

tiffmedian --version | head -1

Verify Fix Applied:

Verify LibTIFF version is >4.7.0 or check if commit fe10872e is present in source: 'tiffmedian --version | grep -q "4.7.1" && echo "Patched"'
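
A version check that compares components numerically, so that releases after 4.7.1 and versions such as 4.10.0 are classified correctly. This is an added example, not code from LibTIFF or from this advisory; the function names and the '--check-host' switch are hypothetical, and the banner handling assumes the version string may appear on stderr.

```shell
#!/bin/sh
# Added example, not LibTIFF's or this page's code. Function names are hypothetical.
LAST_AFFECTED="4.7.0"   # from this page: affected up to and including 4.7.0

# Print the first dotted version (X.Y or X.Y.Z) found in arbitrary text.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){1,2}' | head -n 1
}

# Return 0 when version $1 <= version $2, comparing each component as a number
# (a plain string compare would rank 4.10.0 below 4.7.0).
version_le() {
    a=$1; b=$2
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# Map banner or package-version text to: affected | not-affected | unknown.
classify_libtiff() {
    v=$(extract_version "$1") || v=""
    if [ -z "$v" ]; then echo "unknown"
    elif version_le "$v" "$LAST_AFFECTED"; then echo "affected"
    else echo "not-affected"
    fi
}

# Host check: exposure needs the tiffmedian binary to be present at all.
check_host() {
    tool=$(command -v tiffmedian) || { echo "tiffmedian not installed"; return 0; }
    # Uses the page's 'tiffmedian --version'; stderr is merged because the
    # banner may be printed there (assumption).
    banner=$("$tool" --version 2>&1) || true
    echo "$tool: $(classify_libtiff "$banner")"
}

# Run the host check only when asked: sh check.sh --check-host
if [ "${1:-}" = "--check-host" ]; then check_host; fi
```

A distribution package can carry the fix as a backport without changing the upstream version number, so an "affected" result based on the version alone should be confirmed against the package changelog.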

📡 Detection & Monitoring

Log Indicators:

  • Failed tiffmedian executions
  • Process crashes of tiffmedian
  • Unusual tiffmedian usage patterns

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process Creation where Image contains 'tiffmedian' OR Process Crash where ProcessName contains 'tiffmedian'
