Description
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Published: 2026-03-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution or Denial of Service via Heap Out‑of‑Bounds Write
Action: Patch Immediately
AI Analysis

Impact

A flaw in the libtiff function putcontig8bitYCbCr44tile permits a signed integer overflow when parsing a specially crafted TIFF file. The overflow corrupts memory pointer arithmetic, leading to an out‑of‑bounds heap write that can either crash the application or, in the most severe case, allow an attacker to execute arbitrary code on the affected system.
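The bug class behind this CVE (CWE-190) is a per-row offset computed in 32-bit signed arithmetic from file-controlled tile geometry, then used to place a heap write. The following is an added illustration written for this page, not libtiff's putcontig8bitYCbCr44tile code: the geometry values, function names and 4 KiB buffer are assumptions chosen so the wrap-around is visible, and the overflow is modelled in uint32_t and cast because signed overflow in C is undefined behaviour. The hardened variant beside it does the arithmetic in size_t with the GCC/Clang overflow-checked builtins and refuses the write before touching memory.

```c
/* Added example: integer overflow to out-of-bounds heap write in tile/row copy
 * code. Illustrative only, not libtiff's own code. Build: cc -std=c11 -Wall */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: width * bytes-per-pixel * row evaluated as a 32-bit
 * signed int, all three values taken from the file. Signed overflow is UB in
 * C, so the wrap is modelled in uint32_t and cast, which is what compiled code
 * does in practice on two's-complement targets. */
static int32_t vulnerable_row_offset(uint32_t width, uint32_t bpp, uint32_t row)
{
    uint32_t stride = width * bpp;          /* can exceed INT32_MAX */
    return (int32_t)(stride * row);         /* negative or tiny after the wrap */
}

/* The bounds check such code typically carries: it compares the wrapped
 * (possibly negative) end offset against the buffer length and lets the write
 * through, so dst + off points before or past the heap allocation. */
static bool vulnerable_write_allowed(uint32_t width, uint32_t bpp, uint32_t row,
                                     size_t dstlen)
{
    int32_t stride = (int32_t)(width * bpp);
    int32_t off = vulnerable_row_offset(width, bpp, row);
    int32_t end = (int32_t)((uint32_t)off + (uint32_t)stride);
    return end <= (int32_t)dstlen;          /* a negative 'end' always passes */
}

/* Hardened version: size_t arithmetic with overflow-checked builtins, and the
 * whole row must fit. Returns the byte offset of the row, or -1 if unsafe. */
static int64_t checked_row_offset(uint32_t width, uint32_t bpp, uint32_t row,
                                  size_t dstlen)
{
    size_t stride, off, end;
    if (__builtin_mul_overflow((size_t)width, (size_t)bpp, &stride)) return -1;
    if (__builtin_mul_overflow(stride, (size_t)row, &off)) return -1;
    if (__builtin_add_overflow(off, stride, &end)) return -1;
    if (end > dstlen) return -1;
    return (int64_t)off;
}

/* Fill one row of the output tile only after the checked computation succeeds. */
static bool write_row_checked(unsigned char *dst, size_t dstlen, uint32_t width,
                              uint32_t bpp, uint32_t row, unsigned char fill)
{
    int64_t off = checked_row_offset(width, bpp, row, dstlen);
    if (off < 0) return false;
    memset(dst + off, fill, (size_t)width * bpp);
    return true;
}

int main(void)
{
    unsigned char tile[4096] = {0};         /* constructed destination buffer */

    /* Constructed hostile geometry: 0x30000000 * 4 = 0xC0000000, negative as
     * an int32, so the naive check accepts a write far outside the buffer. */
    uint32_t w = 0x30000000u, bpp = 4, row = 1;
    printf("hostile: offset=%d allowed=%d checked=%lld\n",
           vulnerable_row_offset(w, bpp, row),
           vulnerable_write_allowed(w, bpp, row, sizeof tile),
           (long long)checked_row_offset(w, bpp, row, sizeof tile));

    /* Benign geometry passes both paths and the write lands inside the buffer. */
    printf("benign: written=%d byte[384]=0x%02x\n",
           write_row_checked(tile, sizeof tile, 64, 3, 2, 0xAB), tile[384]);
    return 0;
}
```

The hostile case prints an offset of -1073741824 and allowed=1 from the naive path while the checked path returns -1; the benign case writes bytes 384..575 and leaves the rest untouched. The point for reviewers of image-parsing code is that the check must run on the same untruncated, overflow-checked quantities that the pointer arithmetic uses.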

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9 and 10, Red Hat Hardened Images, and the Red Hat Hummingbird derivative are all listed as affected, as these releases ship libtiff packages containing the affected code. Any application on those systems that links against libtiff (image viewers, converters, document and PDF tooling, web services that accept image uploads) inherits the flaw.

Risk and Exploitability

The CVSS 3.1 score of 7.8 (High) reflects full confidentiality, integrity and availability impact, while the EPSS score below 1 % suggests that exploitation in the wild is currently uncommon; the vulnerability is not listed in CISA's KEV catalog, and the SSVC assessment recorded below rates it Exploitation: none, Automatable: no. Note that the recorded CVSS vector (AV:L/AC:L/PR:N/UI:R) scores this as a local attack requiring user interaction: the attacker needs no privileges, but a user or a service must open the crafted TIFF. "Remote attacker" in the description therefore means the file can arrive from anywhere (mail, upload, download), not that the flaw is reachable over the network without a parser processing the file. Services that accept or process TIFF uploads, and any application linked against libtiff, are exposed to denial of service or arbitrary code execution until the flaw is patched.

Generated by OpenCVE AI on April 9, 2026 at 19:28 UTC.

Remediation

Vendor Workaround

To mitigate this issue, avoid processing untrusted or maliciously crafted TIFF files with applications linked against the libtiff library. If processing untrusted TIFF files is unavoidable, consider running the affected applications within a sandboxed environment to limit the potential impact of successful exploitation. This operational control helps contain the effects of an out-of-bounds write, reducing the risk of denial of service or arbitrary code execution.


OpenCVE Recommended Actions

  • Apply the latest Red Hat update that addresses CVE‑2026‑4775, which replaces the vulnerable libtiff package, and restart any long‑running process that has the old library mapped, since a running process keeps using the old copy until it is restarted.
  • If upgrading is not possible, stop processing untrusted or maliciously crafted TIFF files with any application that links against libtiff.
  • If processing untrusted TIFF files is unavoidable, run the affected applications inside a sandboxed or isolated environment to limit the potential impact of an out‑of‑bounds write, thereby reducing the risk of denial of service or code execution.
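As an added example (not from this page, Red Hat or OpenCVE), a POSIX shell script covering the first two actions on an RPM-based host: it assumes the fixing erratum names the CVE in the libtiff package changelog, the usual Red Hat convention, and it scans /proc/*/maps for processes that still have a libtiff shared object mapped, since those keep the vulnerable code until restarted. The changelog text and the maps entries embedded in the script are constructed sample data.

```shell
#!/bin/sh
# Added example: local exposure checks for CVE-2026-4775 on an RPM-based host.
# Not from Red Hat or OpenCVE; the changelog convention is an assumption.

CVE_ID="CVE-2026-4775"

# Return 0 if the changelog text on stdin names the given CVE, 1 otherwise.
changelog_mentions_cve() {
    grep -q -- "$1"
}

# Print the PIDs whose memory maps include a libtiff shared object. These are
# the processes to restart after the package update. Takes the directory that
# holds the per-process maps files (normally /proc).
processes_using_libtiff() {
    dir="${1:-/proc}"
    for maps in "$dir"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libtiff\.so' "$maps" 2>/dev/null; then
            pid="${maps#"$dir"/}"
            printf '%s\n' "${pid%/maps}"
        fi
    done
}

# Constructed sample data so the functions can be exercised offline.
SAMPLE_CHANGELOG_FIXED='* Mon Mar 30 2026 Maintainer <m@example.com> - 4.x.y-2
- Resolves: CVE-2026-4775 signed integer overflow in putcontig8bitYCbCr44tile'
SAMPLE_CHANGELOG_OLD='* Tue Jan 13 2026 Maintainer <m@example.com> - 4.x.y-1
- Rebase to upstream release'

# Usage on a live host (the rpm query is skipped where rpm is not installed).
if command -v rpm >/dev/null 2>&1; then
    if rpm -q --changelog libtiff 2>/dev/null | changelog_mentions_cve "$CVE_ID"; then
        echo "libtiff changelog names $CVE_ID: fix appears installed"
    else
        echo "libtiff changelog does not name $CVE_ID: update needed"
    fi
fi
echo "processes with libtiff mapped (restart these after updating):"
processes_using_libtiff /proc
```

The changelog grep is a heuristic for hosts without subscription tooling; where dnf is available, `dnf updateinfo list --cve CVE-2026-4775` is the authoritative query for the erratum. Neither check replaces the workaround above for hosts that cannot be updated yet.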

Generated by OpenCVE AI on April 9, 2026 at 19:28 UTC.

Tracking


Advisories

Source       ID           Title
Debian DLA   DLA-4536-1   tiff security update
Debian DSA   DSA-6303-1   tiff security update
History

Fri, 17 Apr 2026 17:30:00 +0000
  References: updated (values not shown)

Thu, 09 Apr 2026 17:00:00 +0000
  First Time appeared: Redhat hummingbird
  CPEs added: cpe:/a:redhat:hummingbird:1
  Vendors & Products added: Redhat hummingbird

Wed, 25 Mar 2026 00:15:00 +0000
  References: updated (values not shown)
  Metrics threat_severity: None -> Important

Tue, 24 Mar 2026 16:15:00 +0000
  Metrics ssvc added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 15:15:00 +0000
  Description added: the text shown under Description above
  Title added: Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
  First Time appeared: Redhat; Redhat enterprise Linux
  Weaknesses added: CWE-190
  CPEs added: cpe:/o:redhat:enterprise_linux:10, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9
  Vendors & Products added: Redhat; Redhat enterprise Linux
  References: updated (values not shown)
  Metrics cvssV3_1 added: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-17T16:20:28.027Z

Reserved: 2026-03-24T14:26:05.988Z

Link: CVE-2026-4775

Vulnrichment

Updated: 2026-04-17T16:20:28.027Z

NVD

Status : Undergoing Analysis

Published: 2026-03-24T15:16:39.693

Modified: 2026-04-17T17:17:09.743

Link: CVE-2026-4775

Redhat

Severity : Important

Public Date: 2026-03-24T14:33:35Z

Links: CVE-2026-4775 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-10T09:46:15Z

Weaknesses