CVE-2025-61144 - Vulnerability Analysis
Severity: High | CVSS: 7.3 | Last Updated: February 24, 2026
libtiff - Buffer Overflow
Published: February 23, 2026 | Updated: February 24, 2026 | PoC Available
Overview
libtiff versions up to and including v4.7.1 contain a stack overflow caused by improper handling in the readSeparateStripsIntoBuffer function. An attacker who supplies a crafted input file can cause a denial of service or potentially execute code; exploitation requires the crafted input to be processed.
Severity & Score
Severity: High
CVSS Score: 7.3
EPSS Score: 2.6% (probability of exploitation in the next 30 days)
Impact
Attackers can cause a denial of service or potentially execute arbitrary code via crafted input.
Mitigation
Update to a fixed release later than v4.7.1 (see the referenced commits and merge request).
References
- https://gitlab.com/libtiff/libtiff/-/commit/09f53a86cf26dfd961925227e59e180db617f26d
- https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa
- https://gitlab.com/libtiff/libtiff/-/issues/740
- https://gitlab.com/libtiff/libtiff/-/merge_requests/757
- https://gist.github.com/optionGo/5ad17e96a0a40f03578dd6c9f8645952
Social Media Activity (1 post)
Chuckles
@celeduc
Oh good, a critical update for libtiff6. Ancient formats certainly carry a lot of baggage. https://nvd.nist.gov/vuln/detail/CVE-2025-61144
Related Resources
Details
- CVE ID: CVE-2025-61144
- Severity: High
- CVSS Score: 7.3
- Type: buffer_overflow
- Status: confirmed
- EPSS: 2.6%
- Social Posts: 1
CWE
- CWE-119
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
2.6% (probability of exploitation in the next 30 days)