CVE-2025-8534
Linux Debian vulnerability analysis and mitigation

Overview

A vulnerability classified as problematic was found in libtiff 4.6.0, identified as CVE-2025-8534. The vulnerability affects the function PS_Lvl2page in the file tools/tiff2ps.c of the tiff2ps component. This issue was discovered in August 2025 and affects libtiff installations with DEFER_STRILE_LOAD enabled or when using TIFFOpen with the 'rD' option (VulDB).

Technical details

The vulnerability is a null pointer dereference issue (CWE-476) in the PS_Lvl2page function when processing TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS tags. The issue occurs specifically when DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) is enabled or when using TIFFOpen with the 'rD' option. The vulnerability has been assigned a CVSS v3.1 base score of 2.5 (LOW) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L (VulDB, LibTIFF Commit).

Impact

The vulnerability affects the availability of the system by causing a null pointer dereference that typically results in a crash or program exit. The impact is limited to local attacks and requires specific conditions to be exploited (VulDB).

Mitigation and workarounds

The vulnerability has been patched in the LibTIFF repository with commit 6ba36f159fd396ad11bf6b7874554197736ecc8b. The fix involves adding checks for the return value of TIFFGetField() for TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid the null pointer dereference. It is recommended to apply this patch to affected systems (LibTIFF Commit).
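The return-value check described above, as an added C example that is not the LibTIFF patch or code from this page. `mock_tiff`, `mock_get_bytecounts` and `largest_chunk` are hypothetical stand-ins, and the example assumes the lookup returns 0 and leaves the output pointer untouched when the byte-count tag cannot be provided.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for an open TIFF handle (hypothetical, not a libtiff type). */
struct mock_tiff {
    uint64_t *bytecounts; /* NULL models a byte-count array that is unavailable */
    uint32_t nchunks;     /* number of strips or tiles */
};

/* Stand-in for TIFFGetField() on a *BYTECOUNTS tag (assumed behaviour):
 * returns 1 and sets *out on success, returns 0 and leaves *out untouched
 * when the tag cannot be provided. */
static int mock_get_bytecounts(const struct mock_tiff *t, uint64_t **out)
{
    if (t == NULL || t->bytecounts == NULL)
        return 0;
    *out = t->bytecounts;
    return 1;
}

/* Hardened pattern: test the lookup result before touching the array.
 * Returns 0 and stores the largest chunk size in *max_out, or -1 on failure. */
int largest_chunk(const struct mock_tiff *t, uint64_t *max_out)
{
    uint64_t *bc = NULL;
    if (!mock_get_bytecounts(t, &bc) || bc == NULL || t->nchunks == 0)
        return -1; /* code that ignores the result would read bc[0] via NULL */
    uint64_t max = bc[0];
    for (uint32_t i = 1; i < t->nchunks; i++)
        if (bc[i] > max)
            max = bc[i];
    *max_out = max;
    return 0;
}

int main(void)
{
    uint64_t counts[] = {4096, 8192, 1024};  /* constructed sample values */
    struct mock_tiff loaded = {counts, 3};
    struct mock_tiff missing = {NULL, 3};    /* models the failing lookup */
    uint64_t max = 0;
    int rc = largest_chunk(&loaded, &max);
    printf("loaded:  rc=%d max=%llu\n", rc, (unsigned long long)max);
    rc = largest_chunk(&missing, &max);
    printf("missing: rc=%d (caller reports an error instead of crashing)\n", rc);
    return 0;
}
```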

This report was generated using AI.
