csaf_certbund - wid-sec-w-2025-1863

WID-SEC-W-2025-1863

Vulnerability from csaf_certbund - Published: 2025-08-19 22:00 - Updated: 2025-09-29 22:00

Summary

libTIFF: Schwachstelle ermöglicht Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

libTIFF ist ein Softwarepaket für die Verarbeitung von Bilddateien in Tag Image File Format (TIFF).

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in libTIFF ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "niedrig"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "libTIFF ist ein Softwarepaket f\u00fcr die Verarbeitung von Bilddateien in Tag Image File Format (TIFF).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in libTIFF ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1863 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1863.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1863 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1863"
      },
      {
        "category": "external",
        "summary": "LibTiff GitLab Issue #728 vom 2025-08-19",
        "url": "https://gitlab.com/libtiff/libtiff/-/issues/728"
      },
      {
        "category": "external",
        "summary": "LibTiff GitLab Merge Request #747 vom 2025-08-19",
        "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/747"
      },
      {
        "category": "external",
        "summary": "EUVD-2025-25249 vom 2025-08-19 mit PoC link",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2025-25249"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15487-1 vom 2025-08-23",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MQ6DSWGMH54XQ7UX6TDCH7GO23X5L5TS/"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-EBFF4D54BF vom 2025-08-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-ebff4d54bf"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-C612CBC58F vom 2025-08-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-c612cbc58f"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-AC7B2513A8 vom 2025-08-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-ac7b2513a8"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15556-1 vom 2025-09-17",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJZKGGJOFDT5ODMGEJOW3ACK4DHZUIJL/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03348-1 vom 2025-09-24",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OR2XRALRUSC64QZLEHVD53ES7ZBR6KET/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03345-1 vom 2025-09-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022633.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03346-1 vom 2025-09-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022632.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-3004 vom 2025-09-29",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3004.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7783-1 vom 2025-09-29",
        "url": "https://ubuntu.com/security/notices/USN-7783-1"
      }
    ],
    "source_lang": "en-US",
    "title": "libTIFF: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2025-09-29T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-30T09:01:21.291+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1863",
      "initial_release_date": "2025-08-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-24T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-09-17T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-09-24T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-09-29T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.7.0",
                "product": {
                  "name": "Open Source libTIFF 4.7.0",
                  "product_id": "T045704",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:libtiff:libtiff:4.7.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "libTIFF"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9165",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T045704",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-9165"
    }
  ]
}

CVE-2025-9165 (GCVE-0-2025-9165)

Vulnerability from cvelistv5 – Published: 2025-08-19 20:02 – Updated: 2025-10-01 15:25

Summary

A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In the reply the project maintainer declares this issue as "a simple 'bug' when leaving the command line tool and (...) not a security issue at all".

Severity ?

2 (Low)


                        
                          CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

2.5 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

2.5 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE

CWE-401 - Memory Leak
CWE-404 - Denial of Service

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.320543	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.320543	signaturepermissions-required
	https://vuldb.com/?submit.630506	third-party-advisory
	https://vuldb.com/?submit.630507	third-party-advisory
	https://gitlab.com/libtiff/libtiff/-/issues/728	issue-tracking
	https://gitlab.com/libtiff/libtiff/-/merge_requests/747	patch
	https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM…	exploit
	https://gitlab.com/libtiff/libtiff/-/commit/ed141…	patch
	http://www.libtiff.org/	product

Impacted products

	Vendor	Product	Version
	n/a	LibTIFF	Affected: 4.7.0

Credits

HeureuxBuilding (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9165",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-19T20:31:35.513657Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-19T20:31:44.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-08-26T15:29:01.729Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/728#note_2709263214"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "tiffcmp"
          ],
          "product": "LibTIFF",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "HeureuxBuilding (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because \"this is a memory leak on a command line tool that is about to exit anyway\". In the reply the project maintainer declares this issue as \"a simple \u0027bug\u0027 when leaving the command line tool and (...) not a security issue at all\"."
        },
        {
          "lang": "de",
          "value": "In LibTIFF 4.7.0 ist eine Schwachstelle entdeckt worden. Betroffen davon ist die Funktion _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 der Datei tools/tiffcmp.c der Komponente tiffcmp. Die Bearbeitung verursacht memory leak. Der Angriff muss auf lokaler Ebene erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Sie ist schwierig auszunutzen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert. Der Patch wird als ed141286a37f6e5ddafb5069347ff5d587e7a4e0 bezeichnet. Es empfiehlt sich, einen Patch einzuspielen, um dieses Problem zu beheben."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1,
            "vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "Memory Leak",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T15:25:44.426Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320543 | LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.320543"
        },
        {
          "name": "VDB-320543 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320543"
        },
        {
          "name": "Submit #630506 | libtiff tiffcmp  4.7.0+ (latest master branch) Memory Leak",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.630506"
        },
        {
          "name": "Submit #630507 | libtiff tiffcmp  4.7.0+ (latest master branch) Memory Leak (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.630507"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/728"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/747"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0"
        },
        {
          "tags": [
            "product"
          ],
          "url": "http://www.libtiff.org/"
        }
      ],
      "tags": [
        "disputed",
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-01T17:29:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9165",
    "datePublished": "2025-08-19T20:02:13.694Z",
    "dateReserved": "2025-08-19T13:24:01.463Z",
    "dateUpdated": "2025-10-01T15:25:44.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1863

CVE-2025-9165 (GCVE-0-2025-9165)

Tags

Sightings

Nomenclature