libtiff
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*
- <= 4.7.1
A double free vulnerability has been identified in libtiff versions prior to 4.7.1, specifically within the tools/tiffcrop.c component. This vulnerability can lead to memory corruption and potential application crashes.
Exploiting this vulnerability triggers a double free, which can corrupt memory and crash the application.
The vulnerability can be reproduced by running the tiffcrop tool with the -F horiz and -I both options on a crafted TIFF file that triggers the double free condition. A stack trace is available in the original issue discussion.
Users can update to libtiff version 4.7.1 or later, where this vulnerability has been fixed.