CVE-2025-9165
BaseFortify

Publication date: 2025-08-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in LibTIFF 4.7.0. It affects the functions _TIFFmallocExt, _TIFFCheckRealloc, TIFFHashSetNew and InitCCITTFax3 in the file tools/tiffcmp.c of the tiffcmp component. Manipulation can lead to a memory leak. The attack is restricted to local execution and is characterized by high complexity; exploitability is considered difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The patch is identified as ed141286a37f6e5ddafb5069347ff5d587e7a4e0; it is best practice to apply it to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In reply, the project maintainer declares this issue "a simple 'bug' when leaving the command line tool and (...) not a security issue at all".
Meta Information
Published: 2025-08-19
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-08-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: libtiff
Product: libtiff
Version / Range: 4.7.0
CWE ID: Description
CWE-404: The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-401: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a flaw in LibTIFF 4.7.0 affecting certain functions in the tiffcmp component, which can lead to a memory leak when manipulated. The issue is exploitable only through local execution.

How can this vulnerability impact me?

The vulnerability can cause a memory leak on the affected system, potentially leading to degraded performance or resource exhaustion. However, exploitation requires local access, limiting the attack scope.

What immediate steps should I take to mitigate this vulnerability?

The best immediate step to mitigate this vulnerability is to apply the patch identified as ed141286a37f6e5ddafb5069347ff5d587e7a4e0 to the affected LibTIFF 4.7.0 component. Since the attack requires local execution, restricting local access and applying the patch are recommended.