FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

(lib)tiff -- Integer Overflow or Wraparound

Affected packages
tiff < 4.7.1_1

Details

VuXML ID 766bb9b5-357f-11f1-98f0-00a098b42aeb
Discovery 2026-03-24
Entry 2026-04-11

PrymEvol and Quang Luong reports:

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

[source]

References

CVE Name CVE-2026-4775
URL https://cveawg.mitre.org/api/cve/CVE-2026-4775

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.