CVE-2025-8851: Stack-based Buffer Overflow in LibTIFF
A vulnerability was found in LibTIFF up to 4.5.1. It affects the function readSeparateStripsetoBuffer in the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to a stack-based buffer overflow. The attack requires local access. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply the patch to fix this issue.
AI Analysis
Technical Summary
CVE-2025-8851 is a stack-based buffer overflow vulnerability in LibTIFF versions up to 4.5.1, specifically in the function readSeparateStripsetoBuffer in the tools/tiffcrop.c file of the tiffcrop component. LibTIFF is a widely used open-source library for reading and writing TIFF (Tagged Image File Format) files, which are common in imaging applications. The vulnerability arises from improper handling of input data in readSeparateStripsetoBuffer, leading to a stack-based buffer overflow. The overflow can corrupt stack memory, potentially allowing an attacker with local access and low privileges to execute arbitrary code or cause a denial of service by crashing the application. Exploitation requires local access and low privileges on the affected system, and does not need user interaction. The vulnerability has a CVSS score of 4.8 (medium), reflecting limited impact and exploitability due to the local access requirement and the need for low privileges. A patch has been identified (commit 8a7a48d7a645992ca83062b3a1873c951661e2b3) to address this issue, and it is recommended to apply this update to affected versions 4.5.0 and 4.5.1 of LibTIFF. No known exploits are currently reported in the wild, indicating this is a newly disclosed vulnerability.
Potential Impact
For European organizations, the impact of CVE-2025-8851 depends largely on the deployment of LibTIFF in their environments. LibTIFF is commonly used in imaging software, document management systems, and some scientific or medical imaging applications. A successful exploit could allow a local attacker to escalate privileges or disrupt services by causing application crashes. This could lead to data corruption or denial of service in critical imaging workflows, potentially affecting sectors such as healthcare, government, and media where TIFF files are prevalent. However, since exploitation requires local access and low privileges, the risk of remote compromise is low, limiting the threat to insider attackers or those who have already gained some foothold in the network. European organizations with strict access controls and endpoint protection may mitigate the risk effectively, but those with less mature internal security controls could face higher exposure. Additionally, the vulnerability could be leveraged as part of a multi-stage attack chain to escalate privileges or move laterally within a network.
Mitigation Recommendations
To mitigate CVE-2025-8851, European organizations should:
1) Immediately apply the official patch or update LibTIFF to a version beyond 4.5.1 where the vulnerability is fixed.
2) Conduct an inventory of all systems and applications using LibTIFF, especially those handling TIFF files in imaging or document processing workflows.
3) Restrict local access to systems running vulnerable versions of LibTIFF to trusted users only, enforcing the principle of least privilege.
4) Implement endpoint detection and response (EDR) solutions to monitor for unusual process behavior or crashes related to TIFF processing tools like tiffcrop.
5) Employ application whitelisting and sandboxing for tools that process TIFF files to limit the impact of potential exploitation.
6) Educate system administrators and users about the risks of local exploitation and encourage reporting of suspicious activity.
7) Regularly review and update internal security policies to ensure that local access controls and patch management processes are robust and timely.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-10T19:05:43.677Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6899f47fad5a09ad0025ec14
Added to database: 8/11/2025, 1:47:43 PM
Last enriched: 8/19/2025, 1:47:58 AM
Last updated: 9/19/2025, 2:13:42 AM