Vulnerability Report

CVE-2025-8534

Title: Libtiff Memory Corruption

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2025-8534.

CWE Category CWE-404

Published Date Aug 05, 2025

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 1.1 CVSS v4.0

Exploit Probability (EPSS)

0.13%

Vulnerability Summary

CVE-2025-8534: A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

Impacted Vendors

libtiff 1

simplesystems 1

Reference Links

http://www.libtiff.org/ https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b https://gitlab.com/libtiff/libtiff/-/issues/718 https://gitlab.com/libtiff/libtiff/-/merge_requests/746 https://vuldb.com/?ctiid.318664 https://vuldb.com/?id.318664 https://vuldb.com/?submit.617831 https://gitlab.com/libtiff/libtiff/-/issues/718 https://vuldb.com/?submit.617831

CVSS v4.0

Source Entity [email protected]

Severity LOW

1.1

Attack Vector

LOCAL

Complexity

HIGH

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

N/A

RAW VECTOR

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS v3.1

Source Entity [email protected]

Severity LOW

2.5

Attack Vector

LOCAL

Complexity

HIGH

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v2.0

Source Entity [email protected]

Severity LOW

1.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:H/Au:S/C:N/I:N/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2025-8534 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

September 11, 2025 MODIFIED

Vulnerability data or affected products updated.

August 05, 2025 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL

Complexity HIGH

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Stack

No specific products linked.