A signed integer overflow vulnerability (CVE-2026-4775, CVSS 7.8 HIGH) in libtiff can lead to arbitrary code execution or denial of service when processing a malicious TIFF file. The vulnerability affects libtiff versions up to and including those shipped with Red Hat Enterprise Linux 6.0 and 7.0, as well as Debian 11.0. Red Hat has released patched packages for RHEL 8, including version libtiff-4.0.9-37.el8_10.
Red Hat Product Errata RHSA-2026:16055 - Security Advisory Issued: 2026-05-11 Updated: 2026-05-11 RHSA-2026:16055 - Security Advisory Overview Updated Packages Synopsis Important: libtiff security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2450768 - CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVEs CVE-2026-4775 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM libtiff-4.0.9-37.el8_10.src.rpm SHA-256: b83ccd373d3eb2c066d821157bab616ef40cc3fc28b9021eb7ce0beaa0fd86c5 x86_64 libtiff-4.0.9-37.el8_10.i686.rpm SHA-256: a3fe518cbdfc46fe91213e48309cc14146f09da7c4cb50acbcf0e7cf0f147474 libtiff-4.0.9-37.el8_10.x86_64.rpm SHA-256: 66770f38f203fc39c988247e807a03d5673919c301be69d8416526140d4f1dce libtiff-debuginfo-4.0.9-37.el8_10.i686.rpm SHA-256: 32da1d60115f93064774244bb0a41cead1448695053fa19747903fdceb5da161 libtiff-debuginfo-4.0.9-37.el8_10.x86_64.rpm SHA-256: 56a8b4928b6521e46a9bd0ce38c95b177a13a98ac4ffbb8f0f4f581c9c63c956 libtiff-debugsource-4.0.9-37.el8_10.i686.rpm SHA-256: d10bf81d79f923bd548846294f94dd9bfcc5c95361f0c9ae3810b4181b460020 libtiff-debugsource-4.0.9-37.el8_10.x86_64.rpm SHA-256: e7ca32893c6a900e0aa07cd7c079a80c4f69999c57a9563ee1e1189488aac656 libtiff-devel-4.0.9-37.el8_10.i686.rpm SHA-256: 887e4c309ffe74466a4f3ef34ebfe783e98533e80061ea9f1250c4101a1fedb2 libtiff-devel-4.0.9-37.el8_10.x86_64.rpm SHA-256: 0e381880a5d9011c4b94cad1b279eeac4bfaf6588adba5299ec8d25dea47a4f6 libtiff-tools-debuginfo-4.0.9-37.el8_10.i686.rpm SHA-256: c4ed0b10ddf15b28914b92031c0c77f3ecacd8652c7059112f6ddd1b0b00db21 libtiff-tools-debuginfo-4.0.9-37.el8_10.x86_64.rpm SHA-256: c7a81f4b946c5e96ff0259df7caed2dcc027fd570c4e140b50557361ecb059e7 Red Hat Enterprise Linux for IBM z Systems 8 SRPM libtiff-4.0.9-37.el8_10.src.rpm SHA-256: b83ccd373d3eb2c066d821157bab616ef40cc3fc28b9021eb7ce0beaa0fd86c5 s390x libtiff-4.0.9-37.el8_10.s390x.rpm SHA-256: 294048b88f11f34893d19741d276580be6a95d7e4b06fa0867620312092dca2c libtiff-debuginfo-4.0.9-37.el8_10.s390x.rpm SHA-256: c991bbc81dedc822dabd1267f86fef7acb849a4497a94cab851a1c3dae2b54ba libtiff-debugsource-4.0.9-37.el8_10.s390x.rpm SHA-256: c4033c4a340d59a22cd0f693c813f1795bb0c795d5c9ab2162529a0f381fba7a libtiff-devel-4.0.9-37.el8_10.s390x.rpm SHA-256: 9fa46eb544311e99c0368600e76b18cdea00c6755338650e1894916d18924e30 libtiff-tools-debuginfo-4.0.9-37.el8_10.s390x.rpm SHA-256: 6b2a3e50bf0512dff51b649dfeb0d64c47ce700c9cbcfbe50661bea13ec62c07 Red Hat Enterprise Linux for Power, little endian 8 SRPM libtiff-4.0.9-37.el8_10.src.rpm SHA-256: b83ccd373d3eb2c066d821157bab616ef40cc3fc28b9021eb7ce0beaa0fd86c5 ppc64le libtiff-4.0.9-37.el8_10.ppc64le.rpm SHA-256: 9b81599e802d8d06d9d2f3ea821e3ff43104dd1dab79126d326f4df14a8327b5 libtiff-debuginfo-4.0.9-37.el8_10.ppc64le.rpm SHA-256: 7cfb5f5bc1471e547ee2e5fd2b337082f86788abe66539e2c593807ae6ae2d50 libtiff-debugsource-4.0.9-37.el8_10.ppc64le.rpm SHA-256: 005436813794aa1b7c8a7a49fbe2004fc7fceb6666038535b534eae055db2047 libtiff-devel-4.0.9-37.el8_10.ppc64le.rpm SHA-256: 805a62652dc4d37fc99389e64b7ce1169f1a5e6aef5b8d612cdc965e8e2682c7 libtiff-tools-debuginfo-4.0.9-37.el8_10.ppc64le.rpm SHA-256: 15e0464d08f9de3cf314ff5f551d3e6f1a8c192e272e10045ac982dda4ce870d Red Hat Enterprise Linux for ARM 64 8 SRPM libtiff-4.0.9-37.el8_10.src.rpm SHA-256: b83ccd373d3eb2c066d821157bab616ef40cc3fc28b9021eb7ce0beaa0fd86c5 aarch64 libtiff-4.0.9-37.el8_10.aarch64.rpm SHA-256: 4b485ca977d1786438855ec35169629330f6b172e37373238febf004bbe590ef libtiff-debuginfo-4.0.9-37.el8_10.aarch64.rpm SHA-256: 3a4fa511210acd15317ef20449208e4af297d3aa697c08444ec40fabbe1375ac libtiff-debugsource-4.0.9-37.el8_10.aarch64.rpm SHA-256: d5208e7c081821e2e4a42875415b3460f3d565e8862eec28eaa0aef2b34dfdd3 libtiff-devel-4.0.9-37.el8_10.aarch64.rpm SHA-256: 2d10db9d894265df605b05ecab5cd2e697ed6ac9538fc6259313b607bf8ce2e4 libtiff-tools-debuginfo-4.0.9-37.el8_10.aarch64.rpm SHA-256: 88047897a5c951ca5abb74f3995b6b16776d923a32f71126431d77dece24774a Red Hat CodeReady Linux Builder for x86_64 8 SRPM x86_64 libtiff-debuginfo-4.0.9-37.el8_10.x86_64.rpm SHA-256: 56a8b4928b6521e46a9bd0ce38c95b177a13a98ac4ffbb8f0f4f581c9c63c956 libtiff-debugsource-4.0.9-37.el8_10.x86_64.rpm SHA-256: e7ca32893c6a900e0aa07cd7c079a80c4f69999c57a9563ee1e1189488aac656 libtiff-tools-4.0.9-37.el8_10.x86_64.rpm SHA-256: d584af1cb19312660e2dd5f0f85ad97b2aa6f908120ea369c4cd6793a09fedea libtiff-tools-debuginfo-4.0.9-37.el8_10.x86_64.rpm SHA-256: c7a81f4b946c5e96ff0259df7caed2dcc027fd570c4e140b50557361ecb059e7 Red Hat CodeReady Linux Builder for Power, little endian 8 SRPM ppc64le libtiff-debuginfo-4.0.9-37.el8_10.ppc64le.rpm SHA-256: 7cfb5f5bc1471e547ee2e5fd2b337082f86788abe66539e2c593807ae6ae2d50 libtiff-debugsource-4.0.9-37.el8_10.ppc64le.rpm SHA-256: 005436813794aa1b7c8a7a49fbe2004fc7fceb6666038535b534eae055db2047 libtiff-tools-4.0.9-37.el8_10.ppc64le.rpm SHA-256: c6b545adb9d3bf52015651175b2affe8bd007e09f175122f7e6ad9840554bf00 libtiff-tools-debuginfo-4.0.9-37.el8_10.ppc64le.rpm SHA-256: 15e0464d08f9de3cf314ff5f551d3e6f1a8c192e272e10045ac982dda4ce870d Red Hat CodeReady Linux Builder for ARM 64 8 SRPM aarch64 libtiff-debuginfo-4.0.9-37.el8_10.aarch64.rpm SHA-256: 3a4fa511210acd15317ef20449208e4af297d3aa697c08444ec40fabbe1375ac libtiff-debugsource-4.0.9-37.el8_10.aarch64.rpm SHA-256: d5208e7c081821e2e4a42875415b3460f3d565e8862eec28eaa0aef2b34dfdd3 libtiff-tools-4.0.9-37.el8_10.aarch64.rpm SHA-256: dd166ee4e09d0251ebb4bacba5a6b082e3726539964b28ebe97b91a5d79ba858 libtiff-tools-debuginfo-4.0.9-37.el8_10.aarch64.rpm SHA-256: 88047897a5c951ca5abb74f3995b6b16776d923a32f71126431d77dece24774a Red Hat CodeReady Linux Builder for IBM z Systems 8 SRPM s390x libtiff-debuginfo-4.0.9-37.el8_10.s390x.rpm SHA-256: c991bbc81dedc822dabd1267f86fef7acb849a4497a94cab851a1c3dae2b54ba libtiff-debugsource-4.0.9-37.el8_10.s390x.rpm SHA-256: c4033c4a340d59a22cd0f693c813f1795bb0c795d5c9ab2162529a0f381fba7a libtiff-tools-4.0.9-37.el8_10.s390x.rpm SHA-256: 5b8f288f71f7423efb9aecb37b750a23c5fb17a06ccfdd43a9b00d2b60cf87c7 libtiff-tools-debuginfo-4.0.9-37.el8_10.s390x.rpm SHA-256: 6b2a3e50bf0512dff51b649dfeb0d64c47ce700c9cbcfbe50661bea13ec62c07 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM libtiff-4.0.9-37.el8_10.src.rpm SHA-256: b83ccd373d3eb2c066d821157bab616ef40cc3fc28b9021eb7ce0beaa0fd86c5 x86_64 libtiff-4.0.9-37.el8_10.i686.rpm SHA-256: a3fe518cbdfc46fe91213e48309cc14146f09da7c4cb50acbcf0e7cf0f147474 libtiff-4.0.9-37.el8_10.x86_64.rpm SHA-256: 66770f38f203fc39c988247e807a03d5673919c301be69d8416526140d4f1dce libtiff-debuginfo-4.0.9-37.el8_10.i686.rpm SHA-256: 32da1d60115f93064774244bb0a41cead1448695053fa19747903fdceb5da161 libtiff-debuginfo-4.0.9-37.el8_10.x86_64.rpm SHA-256: 56a8b4928b6521e46a9bd0ce38c95b177a13a98ac4ffbb8f0f4f581c9c63c956 libtiff-debugsource-4.0.9-37.el8_10.i686.rpm SHA-256: d10bf81d79f923bd548846294f94dd9bfcc5c95361f0c9ae3810b4181b460020 libtiff-debugsource-4.0.9-37.el8_10.x86_64.rpm SHA-256: e7ca32893c6a900e0aa07cd7c079a80c4f69999c57a9563ee1e1189488aac656 libtiff-devel-4.0.9-37.el8_10.i686.rpm SHA-256: 887e4c309ffe74466a4f3ef34ebfe783e98533e80061ea9f1250c4101a1fedb2 libtiff-devel-4.0.9-37.el8_10.x86_64.rpm SHA-256: 0e381880a5d9011c4b94cad1b279eeac4bfaf6588adba5299ec8d25dea47a4f6 libtiff-tools-debuginfo-4.0.9-37.el8_10.i686.rpm SHA-256: c4ed0b10ddf15b28914b92031c0c77f3ecacd8652c7059112f6ddd1b0b00db21 libtiff-tools-debuginfo-4.0.9-37.el8_10.x86_64.rpm SHA-256: c7a81f4b946c5e96ff0259df7caed2dcc027fd570c4e140b50557361ecb059e7 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 SRPM libtiff-4.0.9-37.el8_10.src.rpm SHA-256: b83ccd373d3eb2c066d821157bab616ef40cc3fc28b9021eb7ce0beaa0fd86c5 aarch64 libtiff-4.0.9-37.el8_10.aarch64.rpm SHA-256: 4b485ca977d1786438855ec35169629330f6b172e37373238febf004bbe590ef libtiff-debuginfo-4.0.9-37.el8_10.aarch64.rpm SHA-256: 3a4fa511210acd15317ef20449208e4af297d3aa697c08444ec40fabbe1375ac libtiff-debugsource-4.0.9-37.el8_10.aarch64.rpm SHA-