A signed integer overflow vulnerability (CVE-2026-4775, CVSS 7.8 HIGH) in libtiff can lead to arbitrary code execution or denial of service when processing a malicious TIFF file. The NVD lists affected versions as libtiff up to, but not including, a fixed version, specifically impacting Red Hat Enterprise Linux 6.0 and 7.0, and Debian Linux 11.0. The Red Hat advisory provides updated packages (e.g., libtiff-4.0.9-29.el8_8.2) for its supported RHEL 8.8 streams to remediate the issue.
Red Hat Product Errata RHSA-2026:19604 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19604 - Security Advisory Overview Updated Packages Synopsis Important: libtiff security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libtiff is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64 Red Hat Enterprise Linux Server - TUS 8.8 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 Fixes BZ - 2450768 - CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVEs CVE-2026-4775 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 SRPM libtiff-4.0.9-29.el8_8.2.src.rpm SHA-256: 40dd8d3153ecdb470adeda58b16bf00d05d1806ba4e46079a40f54bb12716c1b x86_64 libtiff-4.0.9-29.el8_8.2.i686.rpm SHA-256: 1ffe0ef601e3b3bed3d245e4783f134fd4ddb8b6852e592f350d013adadd2f24 libtiff-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: a452684d84aee0b4d34cf95cdc7cdea1530ce9d6b7ad5bd529160ed5f41e8ce9 libtiff-debuginfo-4.0.9-29.el8_8.2.i686.rpm SHA-256: ecffe8523369da039aeb21f27930e66b14e068057be052b1563723cad3feadfe libtiff-debuginfo-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 93048c9b2221def0836299758a9579ddef4f8e7b6ec5e1bcd94bb36ed2b684d8 libtiff-debugsource-4.0.9-29.el8_8.2.i686.rpm SHA-256: 492481eea16c5d504a19629241dfa0b24ef9f9a106ef145ea97b7436f311c5d3 libtiff-debugsource-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: d617770d144bd92d5f9c9463541a95842176b5e3b043158f12fec14c174e2506 libtiff-devel-4.0.9-29.el8_8.2.i686.rpm SHA-256: d214530658d7d574c8714cc4a0073b01b95633781ad9183604b90d24a9af0f95 libtiff-devel-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 428d468c3231849c713724c1912be3a86735645b83bea1fe5d8665479d5d41b0 libtiff-tools-debuginfo-4.0.9-29.el8_8.2.i686.rpm SHA-256: 65005154d4fa3724c6094399181f797fa8ce1ebb92e0a3ff88299b51b2b85c78 libtiff-tools-debuginfo-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 42f7b12026abe2d28b0b7e5613a19851b6aa87ba8b6baa385c8f5146d2672d47 Red Hat Enterprise Linux Server - TUS 8.8 SRPM libtiff-4.0.9-29.el8_8.2.src.rpm SHA-256: 40dd8d3153ecdb470adeda58b16bf00d05d1806ba4e46079a40f54bb12716c1b x86_64 libtiff-4.0.9-29.el8_8.2.i686.rpm SHA-256: 1ffe0ef601e3b3bed3d245e4783f134fd4ddb8b6852e592f350d013adadd2f24 libtiff-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: a452684d84aee0b4d34cf95cdc7cdea1530ce9d6b7ad5bd529160ed5f41e8ce9 libtiff-debuginfo-4.0.9-29.el8_8.2.i686.rpm SHA-256: ecffe8523369da039aeb21f27930e66b14e068057be052b1563723cad3feadfe libtiff-debuginfo-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 93048c9b2221def0836299758a9579ddef4f8e7b6ec5e1bcd94bb36ed2b684d8 libtiff-debugsource-4.0.9-29.el8_8.2.i686.rpm SHA-256: 492481eea16c5d504a19629241dfa0b24ef9f9a106ef145ea97b7436f311c5d3 libtiff-debugsource-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: d617770d144bd92d5f9c9463541a95842176b5e3b043158f12fec14c174e2506 libtiff-devel-4.0.9-29.el8_8.2.i686.rpm SHA-256: d214530658d7d574c8714cc4a0073b01b95633781ad9183604b90d24a9af0f95 libtiff-devel-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 428d468c3231849c713724c1912be3a86735645b83bea1fe5d8665479d5d41b0 libtiff-tools-debuginfo-4.0.9-29.el8_8.2.i686.rpm SHA-256: 65005154d4fa3724c6094399181f797fa8ce1ebb92e0a3ff88299b51b2b85c78 libtiff-tools-debuginfo-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 42f7b12026abe2d28b0b7e5613a19851b6aa87ba8b6baa385c8f5146d2672d47 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 SRPM libtiff-4.0.9-29.el8_8.2.src.rpm SHA-256: 40dd8d3153ecdb470adeda58b16bf00d05d1806ba4e46079a40f54bb12716c1b ppc64le libtiff-4.0.9-29.el8_8.2.ppc64le.rpm SHA-256: e63aef519a562e064f09840357b3961e17e0db795e5acd46d21e42071a68196a libtiff-debuginfo-4.0.9-29.el8_8.2.ppc64le.rpm SHA-256: 1d91529a7df0d0d47acd57a5ec58c5ee201d7e82f8195fff70494e7cfcd62663 libtiff-debugsource-4.0.9-29.el8_8.2.ppc64le.rpm SHA-256: 71fa87dfa8f504fa3d967ebef80244e5422acf6590d7273ab8f0e6bea07dec0c libtiff-devel-4.0.9-29.el8_8.2.ppc64le.rpm SHA-256: 641c3a13630fbf98e7858803bb9e57175bbcb7088f9bee05bb3ddcc386383252 libtiff-tools-debuginfo-4.0.9-29.el8_8.2.ppc64le.rpm SHA-256: 16f9fa8eaea20953ab7baea835d81a0883726a877c79fe5546d447087eff4742 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 SRPM libtiff-4.0.9-29.el8_8.2.src.rpm SHA-256: 40dd8d3153ecdb470adeda58b16bf00d05d1806ba4e46079a40f54bb12716c1b x86_64 libtiff-4.0.9-29.el8_8.2.i686.rpm SHA-256: 1ffe0ef601e3b3bed3d245e4783f134fd4ddb8b6852e592f350d013adadd2f24 libtiff-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: a452684d84aee0b4d34cf95cdc7cdea1530ce9d6b7ad5bd529160ed5f41e8ce9 libtiff-debuginfo-4.0.9-29.el8_8.2.i686.rpm SHA-256: ecffe8523369da039aeb21f27930e66b14e068057be052b1563723cad3feadfe libtiff-debuginfo-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 93048c9b2221def0836299758a9579ddef4f8e7b6ec5e1bcd94bb36ed2b684d8 libtiff-debugsource-4.0.9-29.el8_8.2.i686.rpm SHA-256: 492481eea16c5d504a19629241dfa0b24ef9f9a106ef145ea97b7436f311c5d3 libtiff-debugsource-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: d617770d144bd92d5f9c9463541a95842176b5e3b043158f12fec14c174e2506 libtiff-devel-4.0.9-29.el8_8.2.i686.rpm SHA-256: d214530658d7d574c8714cc4a0073b01b95633781ad9183604b90d24a9af0f95 libtiff-devel-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 428d468c3231849c713724c1912be3a86735645b83bea1fe5d8665479d5d41b0 libtiff-tools-debuginfo-4.0.9-29.el8_8.2.i686.rpm SHA-256: 65005154d4fa3724c6094399181f797fa8ce1ebb92e0a3ff88299b51b2b85c78 libtiff-tools-debuginfo-4.0.9-29.el8_8.2.x86_64.rpm SHA-256: 42f7b12026abe2d28b0b7e5613a19851b6aa87ba8b6baa385c8f5146d2672d47 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .