High severity 7.8 · NVD Advisory · Published Mar 24, 2026 · Updated Jun 15, 2026
CVE-2026-4775
Description
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Affected products (20)
- cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords (12 versions):
  - pkg:apk/chainguard/tiff
  - pkg:apk/wolfi/tiff
  - pkg:rpm/almalinux/compat-libtiff3
  - pkg:rpm/almalinux/libtiff
  - pkg:rpm/almalinux/libtiff-devel
  - pkg:rpm/almalinux/libtiff-tools
  - pkg:rpm/almalinux/mingw32-libtiff
  - pkg:rpm/almalinux/mingw32-libtiff-static
  - pkg:rpm/almalinux/mingw64-libtiff
  - pkg:rpm/almalinux/mingw64-libtiff-static
  - pkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.2
- (no CPE) range: < 4.7.1-r5
- (no CPE) range: < 4.7.1-r5
- (no CPE) range: < 3.9.4-15.el8_10
- (no CPE) range: < 4.6.0-6.el10_1.3
- (no CPE) range: < 4.6.0-6.el10_1.3
- (no CPE) range: < 4.6.0-6.el10_1.3
- (no CPE) range: < 4.0.9-4.el8_10
- (no CPE) range: < 4.0.9-4.el8_10
- (no CPE) range: < 4.0.9-4.el8_10
- (no CPE) range: < 4.0.9-4.el8_10
- (no CPE) range: < 4.7.1-5.1
- (no CPE) range: < 4.7.1-160000.2.1
References (24)
- access.redhat.com/security/cve/CVE-2026-4775 (nvd; Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2026/04/msg00016.html (nvd; Mailing List, Third Party Advisory)
- access.redhat.com/errata/RHSA-2026:12265 (nvd)
- access.redhat.com/errata/RHSA-2026:12271 (nvd)
- access.redhat.com/errata/RHSA-2026:14929 (nvd)
- access.redhat.com/errata/RHSA-2026:16055 (nvd)
- access.redhat.com/errata/RHSA-2026:19150 (nvd)
- access.redhat.com/errata/RHSA-2026:19363 (nvd)
- access.redhat.com/errata/RHSA-2026:19585 (nvd)
- access.redhat.com/errata/RHSA-2026:19586 (nvd)
- access.redhat.com/errata/RHSA-2026:19604 (nvd)
- access.redhat.com/errata/RHSA-2026:19608 (nvd)
- access.redhat.com/errata/RHSA-2026:19609 (nvd)
- access.redhat.com/errata/RHSA-2026:19657 (nvd)
- access.redhat.com/errata/RHSA-2026:19659 (nvd)
- access.redhat.com/errata/RHSA-2026:19702 (nvd)
- access.redhat.com/errata/RHSA-2026:20583 (nvd)
- access.redhat.com/errata/RHSA-2026:20585 (nvd)
- access.redhat.com/errata/RHSA-2026:20591 (nvd)
- access.redhat.com/errata/RHSA-2026:20592 (nvd)
- access.redhat.com/errata/RHSA-2026:24992 (nvd)
- access.redhat.com/errata/RHSA-2026:25096 (nvd)
- access.redhat.com/errata/RHSA-2026:25910 (nvd)