CVE-2025-8177: 
NixOS vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-8177) was discovered in LibTIFF versions up to 4.7.0, affecting the setrow function in tools/thumbnail.c. The vulnerability was disclosed on July 26, 2025, and impacts the LibTIFF image processing library. The issue has been classified as a buffer overflow vulnerability that requires local access to exploit (NVD, Red Hat).

The vulnerability is a global buffer overflow in the setrow function located in tools/thumbnail.c. It has received a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. The issue is categorized under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input) (Red Hat).

The buffer overflow vulnerability can allow a local attacker to cause a denial of service and potentially execute arbitrary code. The vulnerability affects the processing of image data, specifically during row data assignment, due to insufficient bounds checking (Red Hat).

A patch has been released and is identified by the commit e8c9d6c616b19438695fd829e58ae4fde5bfbc22. However, this vulnerability only affects products that are no longer supported by the maintainer. For systems where patches cannot be applied, mitigation options are either not available or do not meet security criteria for ease of use and deployment (NVD, Red Hat).