CVE-2026-4775

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potent...

high 7.8 CVSS 3.1
Published: Mar 24, 2026
Modified: May 26, 2026
Vendor: Libtiff
Product: Libtiff
Versions: 11.0,6.0,7.0,8.0,9.0,10.0

Description

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

References

Related CVEs

CVE-2016-9535 critical · 9.8
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual t