ALT-PU-2025-11985-2

BDU:2025-13924

LOW3.3

Уязвимость библиотеки LibTIFF, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код на целевой системе

Published: 2025-11-10Modified: 2026-04-30

CVSS 3.xLOW 3.3

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 1.7

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P

References

CVE-2025-8961

CVE-2025-8961

LOW1.9

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

Published: 2025-08-14Modified: 2026-04-29

CVSS 2.0LOW 1.7

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS 4.0LOW 1.9

CVSS:4.0/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Package update libtiff5 in branch sisyphus

Closed issues (2)

Уязвимость библиотеки LibTIFF, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код на целевой системе

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.