CVE-2025-8176
CVE Details
Visit the official vulnerability details page for CVE-2025-8176 to learn more.
Initial Publication
07/29/2025
Last Update
09/17/2025
Third Party Dependency
libtiff6
NIST CVE Summary
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
CVE Severity
Our Official Summary
An attacker with local access to a system running a vulnerable version could exploit this vulnerability to manipulate memory after it has been freed, which may lead to memory corruption, crashes, or potentially code execution depending on how the library is used within the context of the affected process. The vulnerability affects LibTIFF tools/utilities that invoke tiffmedian (or its get_histogram code path) and is particularly relevant in environments that run that tool with user-supplied or untrusted input.
In containerized or production server environments, the risk is considered low to medium because tiffmedian is not used. The impact, if successfully exploited, is potentially low. At best, it causes the application container to restart. This vulnerability mainly affects the UI-related container images.
As and when the upstream fix becomes available, it will be incorporated.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
09/17/2025 | Status changed from Open to Ongoing |
09/17/2025 | Official summary added |
09/12/2025 | Advisory assigned with HIGH severity |