LibTIFF
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*
- <= 4.7.0
A critical buffer overflow vulnerability has been identified in LibTIFF versions prior to 4.7.0. The issue arises in the thumbnail tool, specifically within the 'setrow' function of 'tools/thumbnail.c'. This vulnerability allows for out-of-bounds memory access, which could be exploited to overwrite memory and potentially execute arbitrary code. The vulnerability requires local access to be exploited.
Exploitation of this vulnerability causes a global buffer overflow, leading to out-of-bounds memory access. This type of memory corruption can often be exploited to execute arbitrary code or cause a program to crash.
The vulnerability can be reproduced by running the LibTIFF thumbnail tool on a crafted TIFF file. Build LibTIFF with AFL++ as the compiler and AddressSanitizer enabled, then run the thumbnail tool on the crafted file. The AddressSanitizer output reports a global buffer overflow, confirming the vulnerability.
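To triage sanitizer output from a run like the one described above, this added example (not part of the original advisory or of LibTIFF) parses an AddressSanitizer report and checks whether it is a global-buffer-overflow whose faulting frame is `setrow` in `tools/thumbnail.c`. The sample reports, paths and the names `parse_asan`, `matches_advisory` and `example_decode` are constructed for illustration.

```python
import re

# Constructed ASan excerpts: PIDs, addresses, access types, paths and line
# numbers are placeholders, not output from a real run of the thumbnail tool.
REPORT_THUMBNAIL = """\
==4242==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000001000 at pc 0x000000002000 bp 0x7ffc00000010 sp 0x7ffc00000008
READ of size 1 at 0x000000001000 thread T0
    #0 0x2000 in setrow /build/libtiff/tools/thumbnail.c:1:1
    #1 0x2100 in main /build/libtiff/tools/thumbnail.c:2:1
SUMMARY: AddressSanitizer: global-buffer-overflow /build/libtiff/tools/thumbnail.c:1:1 in setrow
"""
REPORT_OTHER = """\
==4243==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000010 at pc 0x000000003000 bp 0x7ffc00000010 sp 0x7ffc00000008
WRITE of size 4 at 0x602000000010 thread T0
    #0 0x3000 in example_decode /build/other/decode.c:1:1
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+)", re.M)


def parse_asan(report):
    """Return bug class, access type and the faulting stack, or None."""
    header = HEADER.search(report)
    if header is None:
        return None
    access = ACCESS.search(report)
    frames = []
    for num, func, loc in FRAME.findall(report):
        if num == "0" and frames:  # a second trace (e.g. allocation site) begins
            break
        frames.append((func, re.sub(r"(:\d+){1,2}$", "", loc)))
    return {
        "kind": header["kind"],
        "access": access.group(1) if access else None,
        "size": int(access.group(2)) if access else None,
        "frames": frames,
    }


def matches_advisory(finding):
    """True for the crash described here: global overflow in setrow, thumbnail.c."""
    if not finding or not finding["frames"]:
        return False
    func, path = finding["frames"][0]
    return (finding["kind"] == "global-buffer-overflow"
            and func == "setrow"
            and path.endswith("tools/thumbnail.c"))
```

Matching on bug class plus the top frame lets a fuzzing pipeline separate this known crash from new findings in the same binary.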
Users are advised to update to LibTIFF version 4.7.0 or later, where this vulnerability has been fixed.