A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7707-1 advisory.

    It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffmedian tool.
    An attacker could trick a user into processing a specially crafted tiff image file and potentially use     this issue to cause a denial of service. (CVE-2025-8176)

    It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using     thumbnail tool. An attacker could trick a user into processing a specially crafted tiff image file and     potentially use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and     Ubuntu 16.04 LTS. (CVE-2025-8177)

    It was discovered that LibTIFF incorrectly handled certain memory

    operations when using tiff2ps tool. An attacker could trick a user into processing a specially crafted     tiff image file and potentially use this issue to cause a denial of service. (CVE-2025-8534)

    It was discovered that LibTIFF did not properly perform bounds checking

    in certain operations when using tiffcrop tool. An attacker could trick

    a user into processing a specially crafted tiff image file and

    potentially use this issue to cause a denial of service. (CVE-2025-8851)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2965 advisory.

    A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability     affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after     free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be     used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a     patch to fix this issue. (CVE-2025-8176)

    A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the     function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to     be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to     apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by     the maintainer. (CVE-2025-8177)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02815-1 advisory.

    - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
    - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()       when processing malformed TIFF files (bsc#1247106)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02771-1 advisory.

    - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
    - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()       when processing malformed TIFF files (bsc#1247106)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02770-1 advisory.

    - Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503)
    - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
    - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()       when processing malformed TIFF files (bsc#1247106)
    - Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4
    - Add %check section
    - Remove Group: declarations, no longer used

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability     affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after     free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be     used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a     patch to fix this issue. (CVE-2025-8176)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-7d08872494 advisory.

    - fix CVE-2025-8176: use after free in tiffmedian (rhbz#2383821)
    - fix CVE-2025-8177: buffer oveflow in thumbnail setrow when processing malformed TIFF (rhbz#2383827)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
253529	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : LibTIFF vulnerabilities (USN-7707-1)	Nessus	Ubuntu Local Security Checks	medium
252295	Amazon Linux 2 : libtiff (ALAS-2025-2965)	Nessus	Amazon Linux Local Security Checks	medium
250307	SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2025:02815-1)	Nessus	SuSE Local Security Checks	medium
249224	SUSE SLES12 Security Update : tiff (SUSE-SU-2025:02771-1)	Nessus	SuSE Local Security Checks	medium
249220	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tiff (SUSE-SU-2025:02770-1)	Nessus	SuSE Local Security Checks	medium
247174	Linux Distros Unpatched Vulnerability : CVE-2025-8176	Nessus	Misc.	medium
243211	Fedora 42 : libtiff (2025-7d08872494)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2025-8176

low

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium