Executive Summary

CVE-2025-61143 affects the libtiff library, specifically versions up to and including v4.7.1. The vulnerability is a NULL pointer dereference located in the source file libtiff/tif_open.c.

This flaw can cause the application using libtiff to crash when processing TIFF files, due to the NULL pointer dereference.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to application crashes or denial of service when processing TIFF files using the affected libtiff versions.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

The vulnerability in libtiff up to version 4.7.1 is a NULL pointer dereference in the source file libtiff/tif_open.c, which can cause application crashes or denial of service when processing TIFF files.

Detection can involve monitoring for crashes or abnormal behavior in applications that process TIFF files using libtiff, especially when handling suspicious or malformed TIFF images.

Specific commands to detect this vulnerability are not provided in the available resources.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, update libtiff to a version later than 4.7.1 where the NULL pointer dereference issue in tif_open.c has been fixed.

The fix was merged in the libtiff repository as part of merge request 755, which addresses the null pointer dereference.

Until an update can be applied, avoid processing untrusted or malformed TIFF files that could trigger the vulnerability.

Useful 0 Not Useful 0