A signed integer overflow vulnerability (CVE-2026-4775, CVSS 7.8 HIGH) in the libtiff library allows for arbitrary code execution or denial of service via specially crafted TIFF file processing. The vulnerability affects libtiff versions up to, but not including, the patched version provided in this Red Hat update for Enterprise Linux 9.6 Extended Update Support. Administrators must apply the specific libtiff security update referenced in RHSA-2026:19585 to their affected RHEL 9.6 systems.
Red Hat Product Errata RHSA-2026:19585 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19585 - Security Advisory Overview Updated Packages Synopsis Important: libtiff security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libtiff is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2450768 - CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVEs CVE-2026-4775 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM libtiff-4.4.0-13.el9_6.4.src.rpm SHA-256: 5fd8241d2bde19018f34ab7a70ad920900056e2fad54df8011aec4b3b0df1644 x86_64 libtiff-4.4.0-13.el9_6.4.i686.rpm SHA-256: f1ba12c385effbf4453c12cd1d622a927054da018a60a4d860b18f2695355bb2 libtiff-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 2365022dc165ec3dc1936eb25fdfcd94ba93b86d59fa49cf567b16d9cfb9e027 libtiff-debuginfo-4.4.0-13.el9_6.4.i686.rpm SHA-256: 8463f808351e776a709e60dd989a22861daa70ef0722ead389d03cb1459c3035 libtiff-debuginfo-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 668e310621e183ca1568c89e7c0f465940235ca062d103712a6754913dbdf645 libtiff-debugsource-4.4.0-13.el9_6.4.i686.rpm SHA-256: 153cfda44f7c07d6fa78c33f57513e12e0d817ba650f19076e650e4788fe7f7c libtiff-debugsource-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 250a45a05a2e39007046899b44dfe38547222f7fd14d39382bbef4744794f50c libtiff-devel-4.4.0-13.el9_6.4.i686.rpm SHA-256: d4b85459c983101e489d883c2aea9e33f6f1f9017a7d547b2964d9f32f5e0c52 libtiff-devel-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: f701a4b8e77b65d83b0422d8e187c82ff67890b6053fb7b23280ee8b18c7696d libtiff-tools-debuginfo-4.4.0-13.el9_6.4.i686.rpm SHA-256: 778690dd84de87e6b5c0affec19626ec8b681b6adcdabd1c4fdcb9807c66f771 libtiff-tools-debuginfo-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 2c3331957cd7a99396152e2076186f2f78bf4b1fe5d86be3089f6831e52eea4e Red Hat Enterprise Linux Server - AUS 9.6 SRPM libtiff-4.4.0-13.el9_6.4.src.rpm SHA-256: 5fd8241d2bde19018f34ab7a70ad920900056e2fad54df8011aec4b3b0df1644 x86_64 libtiff-4.4.0-13.el9_6.4.i686.rpm SHA-256: f1ba12c385effbf4453c12cd1d622a927054da018a60a4d860b18f2695355bb2 libtiff-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 2365022dc165ec3dc1936eb25fdfcd94ba93b86d59fa49cf567b16d9cfb9e027 libtiff-debuginfo-4.4.0-13.el9_6.4.i686.rpm SHA-256: 8463f808351e776a709e60dd989a22861daa70ef0722ead389d03cb1459c3035 libtiff-debuginfo-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 668e310621e183ca1568c89e7c0f465940235ca062d103712a6754913dbdf645 libtiff-debugsource-4.4.0-13.el9_6.4.i686.rpm SHA-256: 153cfda44f7c07d6fa78c33f57513e12e0d817ba650f19076e650e4788fe7f7c libtiff-debugsource-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 250a45a05a2e39007046899b44dfe38547222f7fd14d39382bbef4744794f50c libtiff-devel-4.4.0-13.el9_6.4.i686.rpm SHA-256: d4b85459c983101e489d883c2aea9e33f6f1f9017a7d547b2964d9f32f5e0c52 libtiff-devel-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: f701a4b8e77b65d83b0422d8e187c82ff67890b6053fb7b23280ee8b18c7696d libtiff-tools-debuginfo-4.4.0-13.el9_6.4.i686.rpm SHA-256: 778690dd84de87e6b5c0affec19626ec8b681b6adcdabd1c4fdcb9807c66f771 libtiff-tools-debuginfo-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 2c3331957cd7a99396152e2076186f2f78bf4b1fe5d86be3089f6831e52eea4e Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM libtiff-4.4.0-13.el9_6.4.src.rpm SHA-256: 5fd8241d2bde19018f34ab7a70ad920900056e2fad54df8011aec4b3b0df1644 s390x libtiff-4.4.0-13.el9_6.4.s390x.rpm SHA-256: 8a21f9563dd9e87af3e869a7f8a0742da3a84b87305e4fec06493696e680184e libtiff-debuginfo-4.4.0-13.el9_6.4.s390x.rpm SHA-256: b0f3f56a69dbb4f5e97666cade7aadda3b274614965165d8e4311317d963c13a libtiff-debugsource-4.4.0-13.el9_6.4.s390x.rpm SHA-256: c938cfe83bea77a88d1fd2e36d90ab9e065ee000fa1a080dee81530d70e83674 libtiff-devel-4.4.0-13.el9_6.4.s390x.rpm SHA-256: 4a20098e182104eabed5996f9c6a2bf829a2358fc407721e8905dc2b2afe82f8 libtiff-tools-debuginfo-4.4.0-13.el9_6.4.s390x.rpm SHA-256: a9f22c652361e88ade80c6c466212fb8015d6b85f76e682bb02e51e0c49b3672 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM libtiff-4.4.0-13.el9_6.4.src.rpm SHA-256: 5fd8241d2bde19018f34ab7a70ad920900056e2fad54df8011aec4b3b0df1644 ppc64le libtiff-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: 48066da367357f02df9ae515f0c2132f113aadc5722e3e915cc517c0d9f213af libtiff-debuginfo-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: ff4bc86eeb9e8b5cd0b25207c44c89d0d397df11457d5b44b2b334a6698a22c5 libtiff-debugsource-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: 953db937a2c7ce923cd069defc47e06e55ca06faf2765fe950491a373d4862a8 libtiff-devel-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: a79506fcd1a3fc21088893bbb903bb69aca56433718a93934bb252aa19acd690 libtiff-tools-debuginfo-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: ddae4909fb67a107260a6396e291e6a095c9459d83ffcebedd90749b875d1346 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM libtiff-4.4.0-13.el9_6.4.src.rpm SHA-256: 5fd8241d2bde19018f34ab7a70ad920900056e2fad54df8011aec4b3b0df1644 aarch64 libtiff-4.4.0-13.el9_6.4.aarch64.rpm SHA-256: dc156f7daca443a7697cb287710c17630ed3086b9a2fef2d1f7e0186798f0d9d libtiff-debuginfo-4.4.0-13.el9_6.4.aarch64.rpm SHA-256: 6fedc4afdb268fa8cfc917e04e0d86c67cec67cdc2b9f3ccaaf208d0debf9c5d libtiff-debugsource-4.4.0-13.el9_6.4.aarch64.rpm SHA-256: 58f98976cfccc37eed439c0b312f28eee05e0a21676f91b376497b25610a46f3 libtiff-devel-4.4.0-13.el9_6.4.aarch64.rpm SHA-256: 3d943b4e0e792dd2c1d1be768282abfad75b6c7d449dfb813f6e9caeba09daa3 libtiff-tools-debuginfo-4.4.0-13.el9_6.4.aarch64.rpm SHA-256: 014d2b906a6e15ed1cd3d3f1dd5b31d32e4152ec0814ee8f7335cad645a0539d Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 SRPM libtiff-4.4.0-13.el9_6.4.src.rpm SHA-256: 5fd8241d2bde19018f34ab7a70ad920900056e2fad54df8011aec4b3b0df1644 ppc64le libtiff-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: 48066da367357f02df9ae515f0c2132f113aadc5722e3e915cc517c0d9f213af libtiff-debuginfo-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: ff4bc86eeb9e8b5cd0b25207c44c89d0d397df11457d5b44b2b334a6698a22c5 libtiff-debugsource-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: 953db937a2c7ce923cd069defc47e06e55ca06faf2765fe950491a373d4862a8 libtiff-devel-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: a79506fcd1a3fc21088893bbb903bb69aca56433718a93934bb252aa19acd690 libtiff-tools-debuginfo-4.4.0-13.el9_6.4.ppc64le.rpm SHA-256: ddae4909fb67a107260a6396e291e6a095c9459d83ffcebedd90749b875d1346 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 SRPM libtiff-4.4.0-13.el9_6.4.src.rpm SHA-256: 5fd8241d2bde19018f34ab7a70ad920900056e2fad54df8011aec4b3b0df1644 x86_64 libtiff-4.4.0-13.el9_6.4.i686.rpm SHA-256: f1ba12c385effbf4453c12cd1d622a927054da018a60a4d860b18f2695355bb2 libtiff-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 2365022dc165ec3dc1936eb25fdfcd94ba93b86d59fa49cf567b16d9cfb9e027 libtiff-debuginfo-4.4.0-13.el9_6.4.i686.rpm SHA-256: 8463f808351e776a709e60dd989a22861daa70ef0722ead389d03cb1459c3035 libtiff-debuginfo-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 668e310621e183ca1568c89e7c0f465940235ca062d103712a6754913dbdf645 libtiff-debugsource-4.4.0-13.el9_6.4.i686.rpm SHA-256: 153cfda44f7c07d6fa78c33f57513e12e0d817ba650f19076e650e4788fe7f7c libtiff-debugsource-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: 250a45a05a2e39007046899b44dfe38547222f7fd14d39382bbef4744794f50c libtiff-devel-4.4.0-13.el9_6.4.i686.rpm SHA-256: d4b85459c983101e489d883c2aea9e33f6f1f9017a7d547b2964d9f32f5e0c52 libtiff-devel-4.4.0-13.el9_6.4.x86_64.rpm SHA-256: f701a4b8e77b65d83b0422d8e187c82