CVE-2025-8177
CVE Details
Visit the official vulnerability details page for CVE-2025-8177 to learn more.
Initial Publication
07/29/2025
Last Update
09/17/2025
Third Party Dependency
libtiff6
NIST CVE Summary
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
CVE Severity
Our Official Summary
This is a buffer overflow vulnerability in LibTIFF up to version 4.7.0, specifically affecting the setrow function in the tools/thumbnail.c file. The vulnerability allows local attackers to cause buffer overflow conditions through manipulation of TIFF image processing operations, potentially leading to memory corruption or denial of service. The issue only affects products that are no longer supported by the maintainer.
The vulnerability affects UI-related images in both VerteX and Palette products, across versions 4.7.4 through 4.7.16. However, successful exploitation requires local access to the system and the ability to provide maliciously crafted TIFF files to applications using the vulnerable LibTIFF functionality, a combination that is typically limited in containerized environments.
The risk of exploitation is considered low to medium, as it requires local access and specific conditions where TIFF image processing occurs with untrusted input files. Most containerized applications have restricted file system access and limited exposure to user-provided image files. The impact if compromised is considered medium as it could result in application crashes or memory corruption within the container context.
Upstream patches addressing this issue are available and will be adopted through vendor coordination to remediate the vulnerability across affected container images.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
09/17/2025 | Status changed from Open to Ongoing |
09/17/2025 | Official summary added |
09/12/2025 | Advisory assigned with HIGH severity |