CVE-2025-61143
Published: February 23rd, 2026
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
MEDIUM
CVSS v3: 5.5
CVSS v3: 5.5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 26.1.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 26.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.4 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.3 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.2 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.1.2 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.1.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.4 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.4.0 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.3 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.2.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.2 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 23.3 | libtiff (4.5.1) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 23.2.1 | libtiff (4.3.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 23.2 | libtiff (4.3.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 23.1 | libtiff (4.3.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 22.4 | libtiff (4.3.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 22.3 | libtiff (4.3.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 22.2 | libtiff (4.3.0) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 22.1 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.11.1 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.11 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.8.1 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.8 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.5.1 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.5.0 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.2.0 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.20 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.19.3667 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.18.3599 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.17 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.16.3445 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.15.3368 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.14.3263 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.13.3179 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.12.3054 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.11.3040 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.11.2990 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.10.2934 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.9.2878 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.8.2822 | libtiff (4.0.8) | Not Affected | Code Not Present | The vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2954) which passes a NULL TIFF* to TIFFFileName(). Document Filters does not compile or ship the tiffcrop CLI utility; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
5.5
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version
3.1