CVE-2025-8851

5.3 MEDIUM

📋 TL;DR

A stack-based buffer overflow vulnerability exists in LibTIFF's tiffcrop utility, specifically in the readSeparateStripsetoBuffer function. This vulnerability could allow local attackers to execute arbitrary code or cause denial of service. Users of LibTIFF up to version 4.5.1 are affected.

💻 Affected Systems

Products:
  • LibTIFF
Versions: Up to and including 4.5.1
Operating Systems: All platforms running vulnerable LibTIFF versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where the tiffcrop utility is installed and accessible to local users.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise via arbitrary code execution.

🟠 Likely Case: Application crash (denial of service) or limited code execution in the context of the tiffcrop process.

🟢 If Mitigated: Minimal impact if proper access controls prevent local attackers from running tiffcrop on vulnerable systems.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers with access to run tiffcrop could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to run tiffcrop with malicious TIFF files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LibTIFF version after commit 8a7a48d7a645992ca83062b3a1873c951661e2b3

Vendor Advisory: http://www.libtiff.org/

Restart Required: No

Instructions:

1. Update LibTIFF to a version after commit 8a7a48d7a645992ca83062b3a1873c951661e2b3.
2. Recompile applications using LibTIFF if statically linked.
3. For package managers: use system update commands (apt-get upgrade, yum update, etc.) for libtiff packages.

🔧 Temporary Workarounds

Restrict tiffcrop access

Unix/Linux

Remove execute permission on the tiffcrop binary for non-privileged users (the path below assumes the binary is installed at /usr/bin/tiffcrop; adjust for your distribution):

chmod 750 /usr/bin/tiffcrop
chown root:root /usr/bin/tiffcrop

🧯 If You Can't Patch

  • Remove tiffcrop utility from production systems if not required
  • Implement strict access controls to prevent unauthorized users from executing tiffcrop

🔍 How to Verify

Check if Vulnerable:

Check LibTIFF version: tiffcrop --version | grep 'Version'

Check Version:

tiffcrop --version 2>/dev/null || echo 'tiffcrop not found'

Verify Fix Applied:

Verify that the installed version is newer than 4.5.1, or confirm that commit 8a7a48d7a645992ca83062b3a1873c951661e2b3 is present in the source tree the binary was built from.
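The following script is an added example (not part of this advisory or of the LibTIFF project) that turns the "Temporary Workarounds" and "How to Verify" sections above into repeatable checks: it parses the banner printed by tiffcrop --version, decides whether the version falls in the affected range (4.5.1 and earlier), and confirms whether the chmod 750 workaround is in place by testing that the other-execute bit is clear. It assumes the banner has the form "LIBTIFF, Version x.y.z" (an assumption; pre-release suffixes are ignored) and that the binary path is /usr/bin/tiffcrop unless another path is given. The function names (parse_tiffcrop_version, version_affected, workaround_in_place) are this example's own.

```shell
#!/bin/sh
# Added example: offline-testable helpers for CVE-2025-8851 triage.
# Not from the advisory; banner format and paths are assumptions.

# parse_tiffcrop_version BANNER
#   Prints the x.y.z found in a "LIBTIFF, Version x.y.z" banner
#   (assumed format; constructed sample: "LIBTIFF, Version 4.5.1").
parse_tiffcrop_version() {
    printf '%s\n' "$1" | sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_affected VERSION
#   Returns 0 (true) if VERSION <= 4.5.1, i.e. inside the affected range,
#   and 1 otherwise. Missing components are treated as 0.
version_affected() {
    v="$1"
    maj=$(printf '%s' "$v" | cut -d. -f1)
    min=$(printf '%s' "$v" | cut -d. -f2)
    pat=$(printf '%s' "$v" | cut -d. -f3)
    : "${maj:=0}" "${min:=0}" "${pat:=0}"
    if [ "$maj" -lt 4 ]; then return 0; fi
    if [ "$maj" -gt 4 ]; then return 1; fi
    if [ "$min" -lt 5 ]; then return 0; fi
    if [ "$min" -gt 5 ]; then return 1; fi
    [ "$pat" -le 1 ]
}

# workaround_in_place PATH
#   Returns 0 if PATH exists and is NOT executable by "other", which is
#   what the chmod 750 workaround achieves; 1 if it is missing or still
#   world-executable. Uses GNU stat, falling back to BSD/macOS stat.
workaround_in_place() {
    f="$1"
    [ -e "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    other=$(printf '%s' "$mode" | tail -c 1)
    # The "other" octal digit has the execute bit set iff it is odd.
    [ $((other % 2)) -eq 0 ]
}

# Stand-alone usage: report on the locally installed tiffcrop, if any.
bin="${1:-$(command -v tiffcrop 2>/dev/null || true)}"
if [ -n "$bin" ] && [ -x "$bin" ]; then
    ver=$(parse_tiffcrop_version "$("$bin" --version 2>&1)")
    if [ -z "$ver" ]; then
        echo "$bin: could not parse version banner"
    elif version_affected "$ver"; then
        echo "$bin: version $ver is in the affected range (<= 4.5.1)"
        if workaround_in_place "$bin"; then
            echo "$bin: workaround in place (not executable by other)"
        else
            echo "$bin: world-executable; apply chmod 750 or patch"
        fi
    else
        echo "$bin: version $ver is newer than 4.5.1"
    fi
else
    echo "tiffcrop not found (or not executable) on this host"
fi
```

Run it with no arguments to inspect the tiffcrop found on PATH, or pass an explicit path. A version newer than 4.5.1 is only a proxy for the fix: a distribution may backport the commit into a 4.5.1 package, so pair this with the package changelog or source check described above before closing the finding.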

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from tiffcrop process
  • Unexpected tiffcrop execution by non-privileged users

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process:Name='tiffcrop' AND EventType='Process Crash'
