237 matches found

Cvelist
added 2026/05/29 7:35 p.m., 31 views

CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data...

0.00055 EPSS
Exploits: 0, References: 4
OSV
added 2026/05/28 11:0 p.m., 3 views

USN-8347-1 qtwebengine-opensource-src vulnerability

It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

8.8 CVSS, 6 AI score, 0.00039 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2026/05/26 5:0 a.m., 6 views

Important: Red Hat Security Advisory: compat-libtiff3 security update

An update for compat-libtiff3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.8 CVSS, 6.2 AI score, 0.00033 EPSS
Exploits: 0, References: 2
Rockylinux
added 2026/05/21 4:27 p.m., 7 views

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libtiff packages contain a library of functions for manipulating Tagged...

8.8 CVSS, 6.4 AI score, 0.00067 EPSS
Exploits: 1
OSV
added 2026/05/06 6:3 p.m., 3 views

CLSA-2026-1778090588 libtiff: Fix of CVE-2026-4775

CVE-2026-4775: fix signed integer overflow in YCbCr tile decoder helpers in TIFFReadRGBAImage that could lead to heap overflow on crafted images with huge width...

7.8 CVSS, 5.9 AI score, 0.00033 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in tiff

A vulnerability has been identified in LibTIFF 4.7.0. This affects the function main of the tiffcrop.c file in the tiffcrop component. Performing certain manipulations may lead to memory corruption. This attack can only be executed locally. The exploit has been made available to the public, and i...

4.8 CVSS, 5.9 AI score, 0.00055 EPSS
Exploits: 1, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in tiff

LibTIFF 4.4.0 contains an out-of-bounds read in tiffcrop at line 3400 of tools/tiffcrop.c, allowing attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile LibTIFF from source code, the fix is available in the commit afaabc3e...

6.8 CVSS, 6.8 AI score, 0.00013 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2026/04/30 2:22 p.m., 3 views

Important: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8 CVSS, 6.1 AI score, 0.00033 EPSS
Exploits: 0, References: 2
AlmaLinux
added 2026/04/30 12:0 a.m., 4 views

Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775). For more details about the security issues,...

7.8 CVSS, 6.2 AI score, 0.00033 EPSS
Exploits: 0, References: 4
SUSE Linux
added 2026/04/16 12:35 p.m., 1 views

Security update for tiff

This update for tiff fixes the following issues: CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798). CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer (bsc#1258801). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6.6 CVSS, 5.9 AI score, 0.00035 EPSS
Exploits: 1, References: 8
RedHat Linux
added 2026/03/26 5:50 p.m., 5 views

Moderate: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.5 CVSS, 6.8 AI score, 0.00737 EPSS
Exploits: 0, References: 2
Snyk
added 2026/03/25 6:2 p.m., 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the tiff decoder. An attacker can trigger excessive memory allocation by submitting a specially crafted TIFF file, potentially leading to resource exhaustion or denial of service...

6.9 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits: 0, References: 3
AlpineLinux
added 2026/03/24 2:42 p.m., 5 views

CVE-2026-4775

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8 CVSS, 6.1 AI score, 0.00033 EPSS
Exploits: 0
OSV
added 2026/03/04 11:1 a.m., 5 views

CLSA-2026-1772622084 libtiff: Fix of CVE-2025-61144

CVE-2025-61144: add MAXSAMPLES bounds check in combineSeparateSamplesBytes to prevent stack-based buffer overflow when spp exceeds MAXSAMPLES in tiffcrop...

9.8 CVSS, 6.1 AI score, 0.00035 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/02/23 12:0 a.m., 20 views

CVE-2025-61144

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function...

0.00035 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

MiracleLinux 7 : compat-libtiff3-3.9.4-12.el7 (AXSA:2019-4119:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4119:01 advisory. libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory causes a denial of service (CVE-2018-7456). Tenable has extracted the preceding description...

6.5 CVSS, 6.4 AI score, 0.00689 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2026/01/05 5:40 p.m., 3 views

Important: Red Hat Security Advisory: spice-client-win security update

An update for spice-client-win is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

9.8 CVSS, 6.7 AI score, 0.01689 EPSS
Exploits: 5, References: 5
F5 Networks
added 2025/11/26 8:58 p.m., 9 views

K000157991: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2023-0803 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE-2023-0802...

6.8 CVSS, 7 AI score, 0.00026 EPSS
Exploits: 9
OSV
added 2025/11/25 10:18 p.m., 1 views

JLSEC-2025-251 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rg...

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb...

8.8 CVSS, 9.2 AI score, 0.02335 EPSS
Exploits: 1, References: 9
OSV
added 2025/11/25 10:18 p.m., 1 views

JLSEC-2025-274 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

6.5 CVSS, 6.6 AI score, 0.00092 EPSS
Exploits: 1, References: 8