rpm package
almalinux/compat-libtiff3
pkg:rpm/almalinux/compat-libtiff3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4775 | Hig | 7.8 | < 3.9.4-15.el8_10 | 3.9.4-15.el8_10 | Mar 24, 2026 | A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer | |
| CVE-2025-9900 | Hig | 8.8 | < 3.9.4-14.el8_10 | 3.9.4-14.el8_10 | Sep 23, 2025 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing |
- affected < 3.9.4-15.el8_10fixed 3.9.4-15.el8_10
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer
- affected < 3.9.4-14.el8_10fixed 3.9.4-14.el8_10
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing