Description
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).
Published: 2026-06-29
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based buffer overflow exists in libtiff when decoding PixarLog-compressed TIFF images that specify the PIXARLOGDATAFMT_8BITABGR output format together with a particular stride value. The overflow lets crafted image data overwrite memory on the heap, potentially leading to arbitrary code execution or a denial of service. The weakness is classified as CWE-122 (Heap-based Buffer Overflow).

Affected Systems

The flaw affects the libtiff component in multiple Red Hat distributions, including Red Hat Enterprise Linux 6, 7, 8, 9, and 10, as well as Red Hat Hardened Images that rely on the libtiff library.

Risk and Exploitability

The CVSS score of 7.3 indicates high severity; no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The description characterizes the attacker as remote, in that the crafted TIFF image is attacker-supplied input to any application that processes TIFF files with libtiff, whereas the CVSS 3.1 vector recorded in this entry (AV:L/AC:L/PR:L/UI:R) rates the attack vector as local with user interaction required, consistent with a crafted file that a user of the vulnerable application has to open. Exploitation requires the application to decode a PixarLog-compressed image using the vulnerable output format, a configuration that may be common in media or graphics processing tools.

Generated by OpenCVE AI on June 29, 2026 at 18:50 UTC.

Remediation

Vendor Workaround

To mitigate this issue, applications that process untrusted TIFF images should not explicitly request the `PIXARLOGDATAFMT_8BITABGR` output format when decoding PixarLog-compressed images with three samples per pixel. The heap-based buffer overflow is triggered only by that combination of output format and samples per pixel.


OpenCVE Recommended Actions

  • Apply the latest Red Hat Enterprise Linux update that includes the libtiff fix
  • Configure your TIFF processing applications to avoid PIXARLOGDATAFMT_8BITABGR with three samples per pixel when decoding PixarLog-compressed images
  • If the patch is not immediately available, restrict the use of PixarLog-compressed TIFFs or switch to an alternate image library that does not use the vulnerable codec

Generated by OpenCVE AI on June 29, 2026 at 18:50 UTC.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 19:30:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 17:15:00 +0000

Type                 Values Removed   Values Added
Description          (none)           A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).
Title                (none)           Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image
First Time appeared  (none)           Redhat; Redhat enterprise Linux; Redhat hummingbird
Weaknesses           (none)           CWE-122
CPEs                 (none)           cpe:/a:redhat:hummingbird:1; cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Vendors & Products   (none)           Redhat; Redhat enterprise Linux; Redhat hummingbird
References           (none)           (none)
Metrics              (none)           cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-29T18:13:19.529Z

Reserved: 2026-06-22T15:36:26.194Z

Link: CVE-2026-12912

Vulnrichment

Updated: 2026-06-29T18:13:15.825Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T19:00:12Z

Weaknesses
  • CWE-122: Heap-based Buffer Overflow