{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4775", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-03-24T14:26:05.988Z", "datePublished": "2026-03-24T14:42:47.529Z", "dateUpdated": "2026-05-07T21:24:46.165Z"}, "containers": {"cna": {"title": "Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libtiff", "defaultStatus": "affected", "versions": [{"version": "0:4.6.0-6.el10_1.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.1"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-libtiff", "defaultStatus": "affected", "versions": [{"version": "0:4.0.9-4.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libtiff", "defaultStatus": "affected", "versions": [{"version": "0:4.4.0-15.el9_7.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libtiff", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compat-libtiff3", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libtiff", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compat-libtiff3", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libtiff", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libtiff", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:12265", "name": "RHSA-2026:12265", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:12271", "name": "RHSA-2026:12271", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:14929", "name": "RHSA-2026:14929", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-4775", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768", "name": "RHBZ#2450768", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-03-24T14:33:35.730Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound", "workarounds": [{"lang": "en", "value": "To mitigate this issue, avoid processing untrusted or maliciously crafted TIFF files with applications linked against the libtiff library. If processing untrusted TIFF files is unavoidable, consider running the affected applications within a sandboxed environment to limit the potential impact of successful exploitation. This operational control helps contain the effects of an out-of-bounds write, reducing the risk of denial of service or arbitrary code execution."}], "timeline": [{"lang": "en", "time": "2026-03-24T14:23:23.826Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-24T14:33:35.730Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank PrymEvol and Quang Luong for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-05-07T21:24:46.165Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-4775"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T03:55:55.028Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00016.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-17T16:20:28.027Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00016.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-17T16:20:28.027Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4775", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T15:07:35.223065Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:07:39.053Z"}}], "cna": {"title": "Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing", "credits": [{"lang": "en", "value": "Red Hat would like to thank PrymEvol and Quang Luong for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10.1"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:4.6.0-6.el10_1.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:4.0.9-4.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "mingw-libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:4.4.0-15.el9_7.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "compat-libtiff3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "compat-libtiff3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:hummingbird:1"], "vendor": "Red Hat", "product": "Red Hat Hardened Images", "packageName": "libtiff", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-03-24T14:23:23.826Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-24T14:33:35.730Z", "value": "Made public."}], "datePublic": "2026-03-24T14:33:35.730Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:12265", "name": "RHSA-2026:12265", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:12271", "name": "RHSA-2026:12271", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:14929", "name": "RHSA-2026:14929", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-4775", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768", "name": "RHBZ#2450768", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "To mitigate this issue, avoid processing untrusted or maliciously crafted TIFF files with applications linked against the libtiff library. If processing untrusted TIFF files is unavoidable, consider running the affected applications within a sandboxed environment to limit the potential impact of successful exploitation. This operational control helps contain the effects of an out-of-bounds write, reducing the risk of denial of service or arbitrary code execution."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-05-07T21:24:46.165Z"}, "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"}}, "cveMetadata": {"cveId": "CVE-2026-4775", "state": "PUBLISHED", "dateUpdated": "2026-05-07T21:24:46.165Z", "dateReserved": "2026-03-24T14:26:05.988Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-03-24T14:42:47.529Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FFD25C1-A304-486F-A36B-7167EEF33388", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*", "matchCriteriaId": "87DEB507-5B64-47D7-9A50-3B87FD1E571F", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en la biblioteca libtiff. Un atacante remoto podr\u00eda explotar una vulnerabilidad de desbordamiento de entero con signo en la funci\u00f3n putcontig8bitYCbCr44tile al proporcionar un archivo TIFF especialmente dise\u00f1ado. Este fallo puede llevar a una escritura fuera de l\u00edmites en el heap debido a c\u00e1lculos incorrectos del puntero de memoria, potencialmente causando una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2026-4775", "lastModified": "2026-05-07T22:16:36.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2026-03-24T15:16:39.693", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:12265"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:12271"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:14929"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2026-4775"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00016.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank PrymEvol and Quang Luong for reporting this issue.", "bugzilla": {"description": "libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing", "id": "2450768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted or maliciously crafted TIFF files with applications linked against the libtiff library. If processing untrusted TIFF files is unavoidable, consider running the affected applications within a sandboxed environment to limit the potential impact of successful exploitation. This operational control helps contain the effects of an out-of-bounds write, reducing the risk of denial of service or arbitrary code execution."}, "name": "CVE-2026-4775", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mingw-libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-24T14:33:35Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4775\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4775"], "statement": "A flaw in the libtiff library, affecting the processing of specially crafted TIFF files, could lead to a denial of service or potentially arbitrary code execution. This vulnerability, caused by a signed integer overflow during TIFF image processing, results in an out-of-bounds heap write. Red Hat products that process untrusted TIFF files using libtiff may be impacted.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Enterprise Linux 10", "source": "cna", "vendor": "Red Hat"}, "product": "enterprise_linux", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-04-09T19:28:53.560650+00:00", "value": {"mitigation_remediation": ["Apply the latest Red\u202fHat update that addresses CVE\u20112026\u20114775, which replaces the vulnerable libtiff package.", "If upgrading is not possible, stop processing untrusted or maliciously crafted TIFF files with any application that links against libtiff.", "If processing untrusted TIFF files is unavoidable, run the affected applications inside a sandboxed or isolated environment to limit the potential impact of an out\u2011of\u2011bounds write, thereby reducing the risk of denial of service or code execution."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution or Denial of Service via Heap Out\u2011of\u2011Bounds Write"}, "threat_synthesis": {"affected_systems": "Systems that ship with the libtiff library from Red\u202fHat Enterprise Linux version\u202f10, 6, 7, 8, 9, Red\u202fHat Hardened Images, and the Red\u202fHat Hummingbird derivative are all affected, as these releases include the vulnerable libtiff 4.x packages.", "description_and_impact": "A flaw in the libtiff function putcontig8bitYCbCr44tile permits a signed integer overflow when parsing a specially crafted TIFF file. The overflow corrupts memory pointer arithmetic, leading to an out\u2011of\u2011bounds heap write that can either crash the application or, in the most severe case, allow an attacker to execute arbitrary code on the affected system.", "risk_and_exploitability": "The CVSS score of 7.8 indicates high severity, while an EPSS score below 1\u202f% suggests that exploitation in the wild is currently uncommon. The vulnerability is not listed in CISA\u2019s KEV catalog. An attacker only needs to supply a malicious TIFF file to a vulnerable application; no special privileges are required. Services that accept or process TIFF uploads, or any application linked against libtiff, could be exposed to denial of service or remote code execution if the flaw remains unmitigated."}}}}, "created": "2026-03-25T11:47:21.471780+00:00", "updated": "2026-04-10T09:46:15.959423+00:00", "vendors": ["redhat", "redhat$PRODUCT$enterprise_linux"]}