{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-61143", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-02-23T17:55:13.933Z", "dateReserved": "2025-09-26T00:00:00.000Z", "datePublished": "2026-02-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-02-23T17:55:13.933Z"}, "descriptions": [{"lang": "en", "value": "libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.com/libtiff/libtiff/-/issues/737"}, {"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/755"}, {"url": "https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", "matchCriteriaId": "06030FDB-8188-48F1-AB22-C17EE4331121", "versionEndExcluding": "4.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c."}, {"lang": "es", "value": "Se descubri\u00f3 que libtiff hasta la v4.7.1 conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente libtiff/tif_open.c."}], "id": "CVE-2025-61143", "lastModified": "2026-02-24T20:22:45.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-23T19:22:56.517", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gitlab.com/libtiff/libtiff/-/issues/737"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/755"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c", "id": "2441978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441978"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-61143", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-61143\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61143\nhttps://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa\nhttps://gitlab.com/libtiff/libtiff/-/issues/737\nhttps://gitlab.com/libtiff/libtiff/-/merge_requests/755"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.7.1]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "libtiff", "vendor": "libtiff"}], "created": "2026-02-24T09:55:45.459411+00:00", "updated": "2026-02-24T09:55:45.459501+00:00", "vendors": ["libtiff", "libtiff$PRODUCT$libtiff"]}