CVE-2025-9165 (GCVE-0-2025-9165)
Vulnerability from cvelistv5
Published: 2025-08-19 20:02
Modified: 2025-10-01 15:25
Summary
A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In the reply the project maintainer declares this issue as "a simple 'bug' when leaving the command line tool and (...) not a security issue at all".
References
Source | URL | Tags |
---|---|---|
cna@vuldb.com | http://www.libtiff.org/ | Product |
cna@vuldb.com | https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing | Exploit |
cna@vuldb.com | https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0 | Patch |
cna@vuldb.com | https://gitlab.com/libtiff/libtiff/-/issues/728 | Exploit, Issue Tracking, Vendor Advisory |
cna@vuldb.com | https://gitlab.com/libtiff/libtiff/-/merge_requests/747 | Issue Tracking, Patch, Vendor Advisory |
cna@vuldb.com | https://vuldb.com/?ctiid.320543 | Permissions Required, VDB Entry |
cna@vuldb.com | https://vuldb.com/?id.320543 | Third Party Advisory, VDB Entry |
cna@vuldb.com | https://vuldb.com/?submit.630506 | Third Party Advisory, VDB Entry |
cna@vuldb.com | https://vuldb.com/?submit.630507 | Third Party Advisory, VDB Entry |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/libtiff/libtiff/-/issues/728#note_2709263214 | Exploit, Issue Tracking, Vendor Advisory |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-9165", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-08-19T20:31:35.513657Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-19T20:31:44.305Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-08-26T15:29:01.729Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/issues/728#note_2709263214" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "modules": [ "tiffcmp" ], "product": "LibTIFF", "vendor": "n/a", "versions": [ { "status": "affected", "version": "4.7.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "HeureuxBuilding (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because \"this is a memory leak on a command line tool that is about to exit anyway\". In the reply the project maintainer declares this issue as \"a simple \u0027bug\u0027 when leaving the command line tool and (...) 
not a security issue at all\"." }, { "lang": "de", "value": "In LibTIFF 4.7.0 ist eine Schwachstelle entdeckt worden. Betroffen davon ist die Funktion _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 der Datei tools/tiffcmp.c der Komponente tiffcmp. Die Bearbeitung verursacht memory leak. Der Angriff muss auf lokaler Ebene erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Sie ist schwierig auszunutzen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert. Der Patch wird als ed141286a37f6e5ddafb5069347ff5d587e7a4e0 bezeichnet. Es empfiehlt sich, einen Patch einzuspielen, um dieses Problem zu beheben." } ], "metrics": [ { "cvssV4_0": { "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 1, "vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Memory Leak", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-404", "description": "Denial of Service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-01T15:25:44.426Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-320543 | LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.320543" }, { "name": "VDB-320543 | CTI Indicators (IOB, IOC, 
IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.320543" }, { "name": "Submit #630506 | libtiff tiffcmp 4.7.0+ (latest master branch) Memory Leak", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.630506" }, { "name": "Submit #630507 | libtiff tiffcmp 4.7.0+ (latest master branch) Memory Leak (Duplicate)", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.630507" }, { "tags": [ "issue-tracking" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/728" }, { "tags": [ "patch" ], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/747" }, { "tags": [ "exploit" ], "url": "https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing" }, { "tags": [ "patch" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0" }, { "tags": [ "product" ], "url": "http://www.libtiff.org/" } ], "tags": [ "disputed", "x_open-source" ], "timeline": [ { "lang": "en", "time": "2025-08-19T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2025-08-19T02:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2025-10-01T17:29:54.000Z", "value": "VulDB entry last update" } ], "title": "LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2025-9165", "datePublished": "2025-08-19T20:02:13.694Z", "dateReserved": "2025-08-19T13:24:01.463Z", "dateUpdated": "2025-10-01T15:25:44.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.