CVE-2026-4775

EUVD-2026-14901
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
-
redhathardened_images
-
debiandebian_linux
11.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
4.5.0-6+deb12u4
fixed
bookworm (security)
4.5.0-6+deb12u4
fixed
bullseye
vulnerable
bullseye (security)
4.2.0-1+deb11u8
fixed
forky
4.7.1-3
fixed
sid
4.7.1-3
fixed
trixie
4.7.0-3+deb13u2
fixed
trixie (security)
4.7.0-3+deb13u2
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libtiff-devel
suse enterprise desktop 15 SP7
4.7.1-150600.3.26.1
fixed
suse enterprise sap 15 SP4
4.0.9-150000.45.66.1
fixed
suse enterprise sap 15 SP5
4.0.9-150000.45.66.1
fixed
suse enterprise sap 15 SP7
4.7.1-150600.3.26.1
fixed
suse enterprise server 12 SP5
4.0.9-44.112.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.66.1
fixed
suse enterprise server 15 SP5
4.0.9-150000.45.66.1
fixed
suse enterprise server 15 SP6
4.7.1-150600.3.26.1
fixed
suse enterprise server 15 SP7
4.7.1-150600.3.26.1
fixed
libtiff5
suse enterprise desktop 15 SP7
4.0.9-150000.45.66.1
fixed
suse enterprise sap 15 SP4
4.0.9-150000.45.66.1
fixed
suse enterprise sap 15 SP5
4.0.9-150000.45.66.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.66.1
fixed
suse enterprise server 12 SP3
4.0.9-44.112.1
fixed
suse enterprise server 12 SP5
4.0.9-44.112.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.66.1
fixed
suse enterprise server 15 SP5
4.0.9-150000.45.66.1
fixed
suse enterprise server 15 SP6
4.0.9-150000.45.66.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.66.1
fixed
libtiff5-32bit
suse enterprise desktop 15 SP7
4.0.9-150000.45.66.1
fixed
suse enterprise sap 15 SP4
4.0.9-150000.45.66.1
fixed
suse enterprise sap 15 SP5
4.0.9-150000.45.66.1
fixed
suse enterprise sap 15 SP7
4.0.9-150000.45.66.1
fixed
suse enterprise server 12 SP3
4.0.9-44.112.1
fixed
suse enterprise server 12 SP5
4.0.9-44.112.1
fixed
suse enterprise server 15 SP4
4.0.9-150000.45.66.1
fixed
suse enterprise server 15 SP5
4.0.9-150000.45.66.1
fixed
suse enterprise server 15 SP6
4.0.9-150000.45.66.1
fixed
suse enterprise server 15 SP7
4.0.9-150000.45.66.1
fixed
libtiff6
suse enterprise desktop 15 SP7
4.7.1-150600.3.26.1
fixed
suse enterprise sap 15 SP7
4.7.1-150600.3.26.1
fixed
suse enterprise server 15 SP6
4.7.1-150600.3.26.1
fixed
suse enterprise server 15 SP7
4.7.1-150600.3.26.1
fixed
libtiff6-32bit
suse enterprise desktop 15 SP7
4.7.1-150600.3.26.1
fixed
suse enterprise sap 15 SP7
4.7.1-150600.3.26.1
fixed
suse enterprise server 15 SP6
4.7.1-150600.3.26.1
fixed
suse enterprise server 15 SP7
4.7.1-150600.3.26.1
fixed
tiff
suse enterprise server 12 SP3
4.0.9-44.112.1
fixed
suse enterprise server 12 SP5
4.0.9-44.112.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libtiff
RHEL 8
0:4.0.9-37.el8_10
fixed
RHEL 8.4 AUS
0:4.0.9-18.el8_4.2
fixed
RHEL 8.6 AUS
0:4.0.9-21.el8_6.2
fixed
RHEL 8.6 E4S
0:4.0.9-21.el8_6.2
fixed
RHEL 8.6 TUS
0:4.0.9-21.el8_6.2
fixed
RHEL 8.8 E4S
0:4.0.9-29.el8_8.2
fixed
RHEL 8.8 TUS
0:4.0.9-29.el8_8.2
fixed
RHEL 9
0:4.4.0-18.el9_8
fixed
libtiff-devel
RHEL 8
0:4.0.9-37.el8_10
fixed
RHEL 8.4 AUS
0:4.0.9-18.el8_4.2
fixed
RHEL 8.6 AUS
0:4.0.9-21.el8_6.2
fixed
RHEL 8.6 E4S
0:4.0.9-21.el8_6.2
fixed
RHEL 8.6 TUS
0:4.0.9-21.el8_6.2
fixed
RHEL 8.8 E4S
0:4.0.9-29.el8_8.2
fixed
RHEL 8.8 TUS
0:4.0.9-29.el8_8.2
fixed
RHEL 9
0:4.4.0-18.el9_8
fixed
libtiff-tools
RHEL 8
0:4.0.9-37.el8_10
fixed
RHEL 9
0:4.4.0-18.el9_8
fixed
mingw32-libtiff
RHEL 8
0:4.0.9-4.el8_10
fixed
mingw32-libtiff-static
RHEL 8
0:4.0.9-4.el8_10
fixed
mingw64-libtiff
RHEL 8
0:4.0.9-4.el8_10
fixed
mingw64-libtiff-static
RHEL 8
0:4.0.9-4.el8_10
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
compat-libtiff3
Amazon Linux 2
0:3.9.4-12.amzn2.0.9
fixed
compat-libtiff3-debuginfo
Amazon Linux 2
0:3.9.4-12.amzn2.0.9
fixed
libtiff
Amazon Linux 2
0:4.0.3-35.amzn2.0.30
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.26
fixed
libtiff-debuginfo
Amazon Linux 2
0:4.0.3-35.amzn2.0.30
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.26
fixed
libtiff-debugsource
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.26
fixed
libtiff-devel
Amazon Linux 2
0:4.0.3-35.amzn2.0.30
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.26
fixed
libtiff-static
Amazon Linux 2
0:4.0.3-35.amzn2.0.30
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.26
fixed
libtiff-tools
Amazon Linux 2
0:4.0.3-35.amzn2.0.30
fixed
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.26
fixed
libtiff-tools-debuginfo
Amazon Linux 2023
0:4.4.0-4.amzn2023.0.26
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libtiff
Azure Linux 3.0
0:4.6.0-13.azl3
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://access.redhat.com/errata/RHSA-2026:12265
https://access.redhat.com/errata/RHSA-2026:12271
https://access.redhat.com/errata/RHSA-2026:14929
https://access.redhat.com/errata/RHSA-2026:16055
https://access.redhat.com/errata/RHSA-2026:19150
https://access.redhat.com/errata/RHSA-2026:19363
https://access.redhat.com/errata/RHSA-2026:19585
https://access.redhat.com/errata/RHSA-2026:19586
https://access.redhat.com/errata/RHSA-2026:19604
https://access.redhat.com/errata/RHSA-2026:19608
https://access.redhat.com/errata/RHSA-2026:19609
https://access.redhat.com/errata/RHSA-2026:19657
https://access.redhat.com/errata/RHSA-2026:19659
https://access.redhat.com/errata/RHSA-2026:19702
https://access.redhat.com/errata/RHSA-2026:20583
https://access.redhat.com/errata/RHSA-2026:20585
https://access.redhat.com/errata/RHSA-2026:20591
https://access.redhat.com/errata/RHSA-2026:20592
https://access.redhat.com/errata/RHSA-2026:24992
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25910
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/security/cve/CVE-2026-4775
https://bugzilla.redhat.com/show_bug.cgi?id=2450768
https://lists.debian.org/debian-lts-announce/2026/04/msg00016.html