CVE-2025-61144
Received Received - Intake
Stack Overflow in libtiff readSeparateStripsIntoBuffer Function

Publication date: 2026-02-23

Last updated on: 2026-02-25

Assigner: MITRE

Description
libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-23
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61144
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libtiff libtiff to 4.7.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-61144 is a stack-based buffer overflow vulnerability in libtiff versions up to 4.7.1. It occurs in the function readSeparateStripsIntoBuffer, specifically when processing TIFF images with malformed directories such as improper tags or missing data. The vulnerability arises because the function combineSeparateSamplesBytes accesses memory beyond the boundary of a stack-allocated array, srcbuffs, leading to a buffer overflow.

This flaw can be triggered by crafted TIFF files that exploit improper handling of buffer boundaries during TIFF image processing.

Impact Analysis

This vulnerability can allow an attacker to cause a denial of service by crashing the application processing the TIFF files or potentially execute arbitrary code on the affected system.

Exploitation occurs when a specially crafted TIFF file triggers the buffer overflow in the vulnerable function, which may lead to memory corruption.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is triggered by processing specially crafted TIFF files that exploit a stack-based buffer overflow in the readSeparateStripsIntoBuffer function of libtiff up to version 4.7.1.

Detection can be performed by scanning for the presence of vulnerable libtiff versions (up to 4.7.1) on your system and by monitoring for crashes or abnormal behavior in applications that process TIFF images, especially those using the tiffcrop utility.

There are no specific detection commands provided in the resources, but you can check the installed libtiff version with commands like:

  • dpkg -l | grep libtiff (on Debian/Ubuntu systems)
  • rpm -qa | grep libtiff (on RedHat/CentOS systems)

Additionally, you can attempt to identify suspicious TIFF files by testing them with the vulnerable tiffcrop tool in a controlled environment to see if they cause crashes or buffer overflow symptoms.

Mitigation Strategies

The primary mitigation step is to update libtiff to a version that includes the fix for CVE-2025-61144.

The vulnerability was fixed by adding boundary checks in the function combineSeparateSamplesBytes within the tiffcrop utility, preventing buffer overflow by limiting loop iterations to MAX_SAMPLES.

Therefore, upgrading libtiff to a version that includes the commits merged on September 5, 2025 (such as those referenced by commits 88cf9dbb and 09f53a86) will mitigate the issue.

If immediate upgrade is not possible, avoid processing untrusted or malformed TIFF files with vulnerable versions of libtiff or the tiffcrop utility.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61144. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart