CVE-2025-61145
Published: February 23rd, 2026
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
MEDIUM
CVSS v3: 5
CVSS v3: 5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 26.1.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 26.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.4 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.3 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.2 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.1.2 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.1.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 25.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.4 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.4.0 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.3 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.2.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.2 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 24.1 | libtiff (4.6.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 23.3 | libtiff (4.5.1) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 23.2.1 | libtiff (4.3.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 23.2 | libtiff (4.3.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 23.1 | libtiff (4.3.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 22.4 | libtiff (4.3.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 22.3 | libtiff (4.3.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 22.2 | libtiff (4.3.0) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 22.1 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.11.1 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.11 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.8.1 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.8 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.5.1 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.5.0 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 21.2.0 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.20 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.19.3667 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.18.3599 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.17 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.16.3445 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.15.3368 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.14.3263 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.13.3179 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.12.3054 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.11.3040 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.11.2990 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.10.2934 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.9.2878 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
| 11.4.8.2822 | libtiff (4.0.8) | Not Affected | Code Not Present | The double-free vulnerability is in the tiffcrop CLI tool (tools/tiffcrop.c:2931), triggered in main() when freeing buffers after a failed image inversion. Document Filters does not compile or ship tiffcrop; only the libtiff library sources are included. The vulnerable tool code is not present in the build. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
5
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
LOW
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Version
3.1