Integer Overflow Vulnerability in libtiff Affects Multiple Products
CVE-2026-4775

7.8HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
24 March 2026

What is CVE-2026-4775?

A vulnerability has been discovered in the libtiff library whereby a remote attacker can exploit a signed integer overflow in the putcontig8bitYCbCr44tile function. By supplying a specifically crafted TIFF file, the flaw can trigger incorrect memory pointer calculations leading to an out-of-bounds heap write. This could result in an application crash or potentially allow the execution of arbitrary code. Users of the affected libtiff versions should take immediate action to mitigate this risk.

Affected Version(s)

Red Hat Enterprise Linux 10 0:4.6.0-6.el10_1.3

Red Hat Enterprise Linux 9 0:4.4.0-15.el9_7.3

References

https://access.redhat.com/errata/RHSA-2026:12265
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12271
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-4775
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank PrymEvol and Quang Luong for reporting this issue.
.