CVE-2025-8961

Description

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

How to fix CVE-2025-8961

To remediate CVE-2025-8961, upgrade the affected package to a fixed version below.

Alpine/tiff—upgrade to 4.7.1-r0 or later
Debian/tiff—no fix listed

Is CVE-2025-8961 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4.7.1-r0
from 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References (2)

ADVISORYsecurity.alpinelinux.org/vuln/CVE-2025-8961
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-8961