7.8
CVE-2026-4775
- EPSS 0.55%
- Veröffentlicht 24.03.2026 14:42:47
- Zuletzt bearbeitet 30.06.2026 03:20:41
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Hardened Images Version-
Debian ≫ Debian Linux Version11.0
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.418 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://access.redhat.com/security/cve/CVE-2026-4775
https://bugzilla.redhat.com/show_bug.cgi?id=2450768
https://lists.debian.org/debian-lts-announce/2026/04/msg00016.html
https://access.redhat.com/errata/RHSA-2026:12265
https://access.redhat.com/errata/RHSA-2026:12271
https://access.redhat.com/errata/RHSA-2026:14929
https://access.redhat.com/errata/RHSA-2026:16055
https://access.redhat.com/errata/RHSA-2026:19150
https://access.redhat.com/errata/RHSA-2026:19363
https://access.redhat.com/errata/RHSA-2026:19585
https://access.redhat.com/errata/RHSA-2026:19586
https://access.redhat.com/errata/RHSA-2026:19608
https://access.redhat.com/errata/RHSA-2026:19609
https://access.redhat.com/errata/RHSA-2026:19657
https://access.redhat.com/errata/RHSA-2026:19604
https://access.redhat.com/errata/RHSA-2026:19659
https://access.redhat.com/errata/RHSA-2026:19702
https://access.redhat.com/errata/RHSA-2026:20583
https://access.redhat.com/errata/RHSA-2026:20585
https://access.redhat.com/errata/RHSA-2026:20591
https://access.redhat.com/errata/RHSA-2026:20592
https://access.redhat.com/errata/RHSA-2026:24992
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25910
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30087
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:30349
https://access.redhat.com/errata/RHSA-2026:33388
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4775.json