CVE-2025-8534
BaseFortify
Publication date: 2025-08-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libtiff | libtiff | 4.6.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8534 is a vulnerability in libtiff version 4.6.0, specifically in the tiff2ps utility that converts TIFF images to PostScript Level 2 output. The issue occurs in the function PS_Lvl2page() when processing specially crafted TIFF files with malformed directory tags. This leads to a NULL pointer dereference causing the application to crash (segmentation fault). The root cause is the lack of proper checks on TIFF tags like StripByteCounts and TileByteCounts, which results in the program attempting to access memory at a NULL address during conversion. [1, 5]
How can this vulnerability impact me? :
This vulnerability can cause the tiff2ps utility to crash when processing maliciously crafted TIFF files, leading to a denial of service (DoS) condition. Since the attack requires local access and has high complexity, exploitation is difficult but possible. The impact is limited to availability as it causes the application to exit unexpectedly, potentially disrupting workflows that rely on TIFF to PostScript conversion. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to process specially crafted TIFF files with the tiff2ps utility from libtiff version 4.6.0. Running tiff2ps on a malicious TIFF file may cause a segmentation fault (NULL pointer dereference) and warnings about invalid TIFF directory order, nonstandard tile width, invalid data types for tags such as StripByteCounts, and incorrect counts for StripOffsets. To detect the issue, you can run the following command on a suspicious TIFF file: tiff2ps suspicious_file.tiff If the utility crashes or outputs warnings related to TIFF tags, it may indicate the presence of the vulnerability. Additionally, monitoring system logs for crashes of tiff2ps or segmentation faults related to TIFF processing can help detect exploitation attempts. [1, 5]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch identified by commit 6ba36f159fd396ad11bf6b7874554197736ecc8b, which adds proper checks for the return values of TIFFGetField() when retrieving TIFF tags to prevent NULL pointer dereference. If patching is not immediately possible, avoid using the tiff2ps utility with TIFF files that may be untrusted or malformed, especially when using the DEFER_STRILE_LOAD option or opening TIFF files with the "rD" mode. Restrict local access to systems running vulnerable versions of libtiff to reduce the risk of exploitation. Ultimately, update libtiff to a version including the fix to fully mitigate the vulnerability. [2, 3, 4]