Zero Day Monitor (ZDM)
7.8
CVE-2026-4775
red hat · red hat enterprise linux

Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing

Description

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

Affected Products

Vendor | Product | Versions
red hat | red hat enterprise linux | —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
debian | debian linux | cert_advisory | 90%
open source | open source libtiff | cert_advisory | 90%

References

  • https://access.redhat.com/security/cve/CVE-2026-4775 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2450768 (issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B
BSI Advisories · 1d ago
[NEW] [medium] libTIFF: Vulnerability allows code execution and DoS
→ No new info (linked only)
Tier A
Microsoft MSRC · 14d ago
CVE-2026-4775 Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
→ No new info (linked only)
CVSS 3.1: 7.8 NONE
CISA KEV: ❌ No
Actively exploited: ❌ No
CWE: CWE-190
Published: Mar 24, 2026
Last enriched: 8d ago
Trending Score: 32
Source articles: 2
Independent: 2
Info Completeness: 5/14
Missing: vendor, product, versions, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-4634 · EXP
Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters
Trending: 41
HIGH · CVE-2026-4636 · EXP
Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.
Trending: 40
NONE · CVE-2026-4631
Cockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection
Trending: 36
NONE · CVE-2026-4282 · EXP
Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw
Trending: 34
NONE · CVE-2026-3872 · EXP
Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
Trending: 34

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published
Mar 24, 2026
Discovered by ZDM
Apr 1, 2026