
CVE-2025-61145

Severity: Medium
Published: Mon Feb 23 2026 (02/23/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/03/2026, 01:26:34 UTC

Technical Analysis

CVE-2025-61145 identifies a double free vulnerability in libtiff, a widely used library for handling TIFF image files, affecting versions up to 4.7.1. The flaw exists in the tools/tiffcrop.c component, part of the libtiff tools suite used for cropping TIFF images. A double free occurs when a program calls free() twice on the same memory address; the result is undefined behavior, in practice heap metadata corruption, crashes, or in some allocators an exploitable condition. According to the CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), the attack requires local access (AV:L), low complexity (AC:L), no privileges (PR:N), and user interaction (UI:R). The scope is unchanged (S:U), with no confidentiality or integrity impact but a high impact on availability (A:H), indicating a denial of service condition. The vulnerability is classified under CWE-415 (Double Free). No patches or known exploits are currently available, suggesting this is a recently disclosed issue. The vulnerability primarily affects applications or systems that use the vulnerable libtiff version and invoke the tiffcrop tool or related functionality. Exploitation could cause application crashes or denial of service, potentially disrupting workflows that rely on TIFF image processing. Given the local attack vector and the requirement for user interaction, remote exploitation is unlikely without additional attack vectors.

Potential Impact

The primary impact of CVE-2025-61145 is denial of service through application crashes caused by double free memory corruption. Organizations relying on libtiff for TIFF image processing in local environments or embedded systems may experience service interruptions or application instability. While confidentiality and integrity are not directly affected, availability disruptions can impact business operations, especially in imaging workflows, document processing, or systems that automate TIFF handling. The vulnerability's local attack vector limits its exploitation to users with access to the affected system, reducing the risk of widespread remote attacks. However, in multi-user environments or systems processing untrusted TIFF files, attackers could induce crashes to disrupt services. The lack of known exploits and patches currently limits immediate risk, but the vulnerability should be addressed promptly to prevent potential future exploitation or chaining with other vulnerabilities.

Mitigation Recommendations

1. Monitor official libtiff repositories and security advisories for patches addressing CVE-2025-61145 and apply updates promptly once available.
2. Until patches are released, restrict access to systems running vulnerable libtiff versions to trusted users only, minimizing exposure to untrusted TIFF files.
3. Implement input validation and sanitization for TIFF files processed by tiffcrop or related tools to reduce the risk of triggering the double free condition.
4. Consider using alternative TIFF processing tools or libraries that are not affected by this vulnerability if immediate patching is not feasible.
5. Conduct code audits and memory management reviews in custom applications that embed libtiff to identify and mitigate similar double free risks.
6. Employ runtime protections such as memory corruption detection tools (e.g., AddressSanitizer) during development and testing to catch double free errors early.
7. Educate users about the risk of opening or processing untrusted TIFF files locally, especially in environments where user interaction is required for exploitation.
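Recommendations 5 and 6 concern the code-review and testing side of CWE-415. The following added example, which is not libtiff or tiffcrop code, shows the ownership pattern that a double-free audit looks for and the defensive shape that removes it: a release routine that clears the pointer in place and treats a second release as a no-op. The `crop_buf`, `crop_buf_release`, `process_strip` and `run_crop` names are hypothetical, and the `real_frees` field exists only so the demonstration can count how many times memory was really returned to the allocator. The error path is the one that matters: the callee cleans up its own buffer on failure, and the caller releases again on the way out, which is exactly the call sequence that becomes a double free when the release does not clear the pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical crop work buffer (added illustration, not libtiff's type).
 * Ownership rule: data is non-NULL if and only if this struct owns a heap
 * block, so every release can check before calling free(). */
typedef struct {
    uint8_t *data;       /* heap buffer, NULL whenever nothing is owned */
    size_t   len;
    int      real_frees; /* demo bookkeeping: how many times free() really ran */
} crop_buf;

/* Allocate and zero a buffer of len bytes. Returns 0 on success, -1 on failure. */
int crop_buf_alloc(crop_buf *b, size_t len) {
    b->data = (uint8_t *)calloc(1, len);
    b->len = b->data ? len : 0;
    b->real_frees = 0;
    return b->data ? 0 : -1;
}

/* Release the buffer and clear the pointer in place. Returns 1 if memory was
 * actually freed, 0 if nothing was owned. Because the pointer is cleared, a
 * second release of the same crop_buf is a harmless no-op instead of a
 * double free (CWE-415). */
int crop_buf_release(crop_buf *b) {
    if (b->data == NULL)
        return 0;
    free(b->data);
    b->data = NULL;
    b->len = 0;
    b->real_frees++;
    return 1;
}

/* Simulated per-strip processing step. On failure it cleans up the buffer it
 * was handed (callee-side cleanup). The classic double-free shape is that the
 * caller then frees the same buffer again on its own error path. */
int process_strip(crop_buf *b, int simulate_failure) {
    if (simulate_failure) {
        crop_buf_release(b);
        return -1;
    }
    /* Constructed work: stamp a marker byte so the buffer is "used". */
    if (b->len > 0)
        b->data[0] = 0x42;
    return 0;
}

/* Caller flow modelled on a crop loop: allocate, process, release on both the
 * success path and the error path. Returns how many real frees occurred,
 * which must be exactly 1 on either path, or -1 if allocation failed. */
int run_crop(int simulate_failure) {
    crop_buf b;

    if (crop_buf_alloc(&b, 4096) != 0)
        return -1;

    if (process_strip(&b, simulate_failure) != 0) {
        /* Error path: the caller releases too. With a raw free() here this
         * would be the second free of the same block; crop_buf_release sees
         * data == NULL and does nothing. */
        crop_buf_release(&b);
        return b.real_frees;
    }

    crop_buf_release(&b);
    return b.real_frees;
}

int main(void) {
    /* Build with -fsanitize=address so AddressSanitizer reports any remaining
     * double free at runtime, as recommendation 6 suggests. */
    printf("success path: real frees = %d\n", run_crop(0));
    printf("error path:   real frees = %d\n", run_crop(1));
    return 0;
}
```

When reviewing code that embeds libtiff, the question to ask at every error path is the one `run_crop` makes explicit: who owns the buffer after the callee fails, and does the caller's cleanup still assume it is live? Compiling the test suite with `-fsanitize=address` turns an overlooked answer into a report at the first double free rather than a silent heap corruption.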


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 699cbd8cbe58cf853bc4b47f

Added to database: 2/23/2026, 8:50:20 PM

Last enriched: 3/3/2026, 1:26:34 AM

Last updated: 4/9/2026, 1:20:14 PM

