Impact
A flaw in libtiff allows a write-what-where condition when a TIFF file contains an unusually large image height. The library writes attacker-controlled color data to an arbitrary memory location, which can lead to a crash (denial of service) or execution of arbitrary code with the permissions of the user running the process. This is a classic memory corruption bug, exploitable when the application accepts TIFF input from an untrusted source. The description implies that the attacker triggers the vulnerability by supplying a specially crafted TIFF file.
Affected Systems
Numerous Red Hat offerings are affected, including Red Hat AI Inference Server 3.2, Red Hat Discovery 2, all supported releases of Red Hat Enterprise Linux from version 6 through 10, Enterprise Linux 8 and 9 with their advanced and extended update support branches, and Red Hat Hardened images. The affected versions are those listed in the vendor’s errata (RHSA‑2025‑17651, RHSA‑2025‑17675, RHSA‑2025‑17710, …).
Risk and Exploitability
The CVSS score of 8.8 marks this flaw as high severity, but the EPSS score of less than 1% indicates that exploitation is considered unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to supply a crafted TIFF file to the vulnerable application; if the application runs under elevated privileges, the corrupted memory could give the attacker code execution at that privilege level. The lack of a published exploit and the low EPSS suggest that the risk is moderate until a zero‑day payload is discovered.
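An ingestion-side gate for the condition described above (a TIFF declaring an unusually large image height), as an added example that is not libtiff or vendor code: it reads ImageLength (tag 257) from each IFD and refuses files above a cap before they reach the library. `MAX_HEIGHT`, `image_heights`, `accept` and `sample_tiff` are names assumed here, and the cap is a policy choice, not a value from the advisory; the gate narrows exposure on unpatched hosts and does not stand in for the errata.

```python
import struct

MAX_HEIGHT = 65_535      # assumed policy cap, not a value from the advisory
TAG_IMAGE_LENGTH = 257   # TIFF 6.0 tag holding the image height in rows
TYPE_SHORT, TYPE_LONG = 3, 4

def image_heights(data: bytes) -> list[int]:
    """Return ImageLength from every top-level IFD of a classic TIFF."""
    bo = {b"II": "<", b"MM": ">"}.get(data[:2])  # byte-order mark
    if bo is None or len(data) < 8:
        raise ValueError("not a TIFF header")
    magic, offset = struct.unpack_from(bo + "HI", data, 2)
    if magic != 42:
        raise ValueError("not classic TIFF (BigTIFF, magic 43, is rejected)")
    heights, seen = [], set()
    while offset:  # follow the IFD chain; SubIFDs (tag 330) are not walked
        if offset in seen or offset + 2 > len(data):
            raise ValueError("IFD loop or offset outside file")
        seen.add(offset)
        (count,) = struct.unpack_from(bo + "H", data, offset)
        end = offset + 2 + 12 * count
        if end + 4 > len(data):
            raise ValueError("truncated IFD")
        for pos in range(offset + 2, end, 12):
            tag, typ, n = struct.unpack_from(bo + "HHI", data, pos)
            if tag != TAG_IMAGE_LENGTH:
                continue
            if n != 1 or typ not in (TYPE_SHORT, TYPE_LONG):
                raise ValueError("malformed ImageLength entry")
            fmt = "H" if typ == TYPE_SHORT else "I"
            heights.append(struct.unpack_from(bo + fmt, data, pos + 8)[0])
        (offset,) = struct.unpack_from(bo + "I", data, end)
    return heights

def accept(data: bytes) -> bool:
    """True only if the file parses and every declared height is within the cap."""
    try:
        heights = image_heights(data)
    except ValueError:
        return False  # fail closed on anything the parser cannot account for
    return bool(heights) and all(0 < h <= MAX_HEIGHT for h in heights)

def sample_tiff(height: int) -> bytes:
    """Constructed one-IFD little-endian file declaring width 1 and `height`."""
    ifd = struct.pack("<H", 2)
    ifd += struct.pack("<HHII", 256, TYPE_LONG, 1, 1)
    ifd += struct.pack("<HHII", TAG_IMAGE_LENGTH, TYPE_LONG, 1, height)
    return b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0)
```

Call `accept()` on the raw upload bytes before passing the file to any libtiff-backed decoder, and log rejections so oversized-height submissions are visible to detection.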