CVE-2026-4775
Published 2026-03-24
CVE-2026-4775: A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by…
Priority: P3 · 43 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.55% (42.0th percentile)
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution. Note how the CVSS vector (AV:L, UI:R) and Debian's "Scope: local" qualify the word "remote": the attacker supplies the crafted file, but it must be opened or processed by a local application linked against libtiff (an image viewer, converter, or server-side thumbnailer), and the crash or code execution happens in that process.
Affected
9 ranges (five identical Red Hat Enterprise Linux rows collapsed into one)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | tiff | < 4.5.0-6+deb12u4 (bookworm) | 4.5.0-6+deb12u4 (bookworm) |
| msrc | azl3_libtiff_4.6.0-12_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libtiff_4.6.0-12_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
VulDB
LibTIFF TIFF File Parser putcontig8bitYCbCr44tile integer overflow (Nessus ID 303486 / WID-SEC-2026-1031)
vuldb·2026-04-09·CVSS 7.8
CVE-2026-4775 [HIGH] LibTIFF TIFF File Parser putcontig8bitYCbCr44tile integer overflow (Nessus ID 303486 / WID-SEC-2026-1031)
A vulnerability was found in LibTIFF and classified as critical. This impacts the function putcontig8bitYCbCr44tile of the component TIFF File Parser. Such manipulation leads to integer overflow.
This vulnerability is referenced as CVE-2026-4775. It is possible to launch the attack remotely. No exploit is available.
OSV
CVE-2026-4775: A flaw was found in the libtiff library
osv·2026-03-24·CVSS 7.8
CVE-2026-4775 [HIGH] CVE-2026-4775: A flaw was found in the libtiff library
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
GHSA
GHSA-cm99-m826-vgg7: A flaw was found in the libtiff library
ghsa_unreviewed·2026-03-24
CVE-2026-4775 [HIGH] CWE-190 GHSA-cm99-m826-vgg7: A flaw was found in the libtiff library
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Red Hat
libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
vendor_redhat·2026-03-24·CVSS 7.8
CVE-2026-4775 [HIGH] CWE-190 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Microsoft
Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
vendor_msrc·2026-03-10·CVSS 7.8
CVE-2026-4775 [HIGH] CWE-190 Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
Customer Action Required: Yes
Debian
CVE-2026-4775: tiff - A flaw was found in the libtiff library. A remote attacker could exploit a signe...
vendor_debian·2026·CVSS 7.8
CVE-2026-4775 [HIGH] CVE-2026-4775: tiff - A flaw was found in the libtiff library. A remote attacker could exploit a signe...
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 4.5.0-6+deb12u4)
bullseye: open
forky: resolved (fixed in 4.7.1-2)
sid: resolved (fixed in 4.7.1-2)
trixie: resolved (fixed in 4.7.0-3+deb13u2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
bugzilla·2026-03-24·CVSS 7.8
CVE-2026-4775 [HIGH] CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
A flaw was found in the libtiff library. A signed integer overflow exists in the putcontig8bitYCbCr44tile function (and potentially similar functions like putcontig8bitYCbCr42tile, putcontig8bitYCbCr22tile, and putcontig8bitYCbCr12tile) within tif_getimage.c. When processing a specially crafted TIFF file with an extremely large width and specific YCbCr subsampling, the calculation for the pointer progression variable (incr) can overflow the 32-bit signed integer boundary. This results in an incorrect negative progression of memory pointers, leading to an out-of-bounds heap write. An attacker could exploit this to cause a denial of service (application crash) or
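The Bugzilla note above, like the one-paragraph description at the top of this page, explains the bug as the 32-bit stride variable `incr` overflowing for an extremely large width and then driving the row pointers backwards. The following C program is an added example written for this page, not libtiff's code: it models the stride computation with the assumed shape `incr = 3*w + 4*toskew` (the real function's exact expression is not quoted on this page), shows how narrowing the result into an `int32_t` turns a large width into a negative stride, dry-runs the four-row pointer walk so the first out-of-bounds index is flagged instead of written, and shows the widened range check a hardened caller would apply. All function names and the sample widths are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the per-block-row stride ("incr") that a 4x4 YCbCr tile unpacker
 * adds to its four output row pointers after finishing one block row.
 * Added example, not libtiff source: the shape incr = 3*w + 4*toskew is an
 * assumption about how such a function reaches the next group of four rows.
 */

/* 32-bit version modelling the vulnerable arithmetic. w is the unsigned
 * image/tile width, toskew the (possibly negative) per-row skew. 3*w wraps in
 * unsigned 32-bit arithmetic and the sum is then narrowed into an int32_t, so
 * any width above INT32_MAX/3 yields a wrong, frequently negative, stride. */
int32_t ycbcr44_incr_narrow(uint32_t w, int32_t toskew)
{
    uint32_t wrapped = 3u * w + 4u * (uint32_t)toskew;
    return (int32_t)wrapped; /* two's-complement reinterpretation */
}

/* Widened computation: the mathematically correct stride, in int64_t. */
int64_t ycbcr44_incr_wide(uint32_t w, int32_t toskew)
{
    return 3 * (int64_t)w + 4 * (int64_t)toskew;
}

/* The check a hardened caller needs before trusting a 32-bit stride. */
bool ycbcr44_incr_fits_int32(uint32_t w, int32_t toskew)
{
    int64_t v = ycbcr44_incr_wide(w, toskew);
    return v >= INT32_MIN && v <= INT32_MAX;
}

/*
 * Dry run of the pointer walk: h/4 block rows, each writing four rows of w
 * pixels starting at cp, cp+(w+toskew), cp+2(w+toskew), cp+3(w+toskew);
 * the inner block loop consumes w pixels of cp and incr is added afterwards.
 * Indices are tracked in int64_t so a negative stride is visible instead of
 * wrapping. Returns true when every write stays inside a raster of
 * raster_pixels uint32_t entries, false at the first out-of-bounds write.
 */
bool ycbcr44_walk_in_bounds(uint32_t w, uint32_t h, int32_t toskew,
                            uint64_t raster_pixels, int32_t incr)
{
    int64_t cp = 0;
    int64_t rowstep = (int64_t)w + toskew;
    for (uint32_t row = 0; row + 4 <= h; row += 4) {
        for (int r = 0; r < 4; r++) {
            int64_t first = cp + r * rowstep;
            int64_t last = first + (int64_t)w - 1;
            if (first < 0 || last >= (int64_t)raster_pixels)
                return false;
        }
        cp += (int64_t)w + incr;
    }
    return true;
}

int main(void)
{
    /* Constructed inputs: a normal 640-pixel-wide image, and a crafted width
     * large enough that 3*w no longer fits in 32 bits (toskew 0 for clarity). */
    uint32_t widths[2] = { 640u, 0x3F000000u };
    for (int i = 0; i < 2; i++) {
        uint32_t w = widths[i];
        int32_t narrow = ycbcr44_incr_narrow(w, 0);
        printf("w=%u wide=%lld narrow=%d fits_int32=%s walk_in_bounds=%s\n",
               w, (long long)ycbcr44_incr_wide(w, 0), narrow,
               ycbcr44_incr_fits_int32(w, 0) ? "yes" : "no",
               ycbcr44_walk_in_bounds(w, 8, 0, (uint64_t)w * 8, narrow) ? "yes" : "no");
    }
    return 0;
}
```

Build with `cc -std=c11 -o ycbcr_incr ycbcr_incr.c && ./ycbcr_incr`. The second output line is the crafted case: the widened stride exceeds INT32_MAX, the narrowed value is negative, and the dry run reports the walk leaving the raster after the first block row. In this model the wrap itself happens in unsigned arithmetic and the sign appears when the value is narrowed into the signed `int32_t`; the observable effect, a negative advance applied to heap pointers, is the one the advisory describes, and the `fits_int32` check is the kind of guard that rejects such a width before any pointer moves.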
Wiz
CVE-2026-4775 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-4775 [MEDIUM] CVE-2026-4775 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4775: Linux Debian vulnerability analysis and mitigation
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Source: NVD
Score: 7.8
Published March 24, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23.9
Exploitation Probability (EPSS) 0.1
Affected packages and
https://access.redhat.com/errata/RHSA-2026:12265
https://access.redhat.com/errata/RHSA-2026:12271
https://access.redhat.com/errata/RHSA-2026:14929
https://access.redhat.com/errata/RHSA-2026:16055
https://access.redhat.com/errata/RHSA-2026:19150
https://access.redhat.com/errata/RHSA-2026:19363
https://access.redhat.com/errata/RHSA-2026:19585
https://access.redhat.com/errata/RHSA-2026:19586
https://access.redhat.com/errata/RHSA-2026:19604
https://access.redhat.com/errata/RHSA-2026:19608
https://access.redhat.com/errata/RHSA-2026:19609
https://access.redhat.com/errata/RHSA-2026:19657
https://access.redhat.com/errata/RHSA-2026:19659
https://access.redhat.com/errata/RHSA-2026:19702
https://access.redhat.com/errata/RHSA-2026:20583
https://access.redhat.com/errata/RHSA-2026:20585
https://access.redhat.com/errata/RHSA-2026:20591
https://access.redhat.com/errata/RHSA-2026:20592
https://access.redhat.com/errata/RHSA-2026:24992
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25910
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30087
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:30349
https://access.redhat.com/errata/RHSA-2026:33388
https://access.redhat.com/security/cve/CVE-2026-4775
https://bugzilla.redhat.com/show_bug.cgi?id=2450768
https://lists.debian.org/debian-lts-announce/2026/04/msg00016.html
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4775.json
Published 2026-03-24