Home / Vulnerability Intelligence / CVE-2025-61145

CVE-2025-61145 - Vulnerability Analysis

MediumCVSS: 5.0

Last Updated: February 24, 2026

libtiff - Denial of Service

Published: February 23, 2026Updated: February 24, 2026PoC Available

Overview

libtiff <= 4.7.1 contains a double free vulnerability caused by improper memory management in tools/tiffcrop.c, letting attackers cause denial of service, exploit requires no special privileges.

Severity & Score

Severity: Medium

CVSS Score: 5.0

Impact

Attackers can cause denial of service by crashing the application via double free.

Mitigation

Update to the latest version of libtiff.

References

https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289
https://gitlab.com/libtiff/libtiff/-/issues/736
https://gitlab.com/libtiff/libtiff/-/merge_requests/753

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-61145
Severity: Medium
CVSS Score: 5.0
Type: undefined
Status: confirmed

CWE

CWE-415

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H