RHSA-2026:20585 - Security Advisory

Issued: 2026-05-26
Updated: 2026-05-26

Synopsis
Important: compat-libtiff3 security update

Type/Severity
Security Advisory: Important

Topic
An update for compat-libtiff3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF (Tagged Image File Format) image format files. This version should be used only if you are unable to use the current version of libtiff.

Security Fix(es):
libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes
BZ - 2450768 - CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

CVEs
CVE-2026-4775

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

A signed integer overflow vulnerability (CVE-2026-4775, CVSS 7.8 HIGH) in the libtiff3 library allows arbitrary code execution or denial of service via crafted TIFF file processing. The vulnerability affects Red Hat Enterprise Linux 8, specifically the `compat-libtiff3` package, and is fixed in version `compat-libtiff3-3.9.4-15.el8_10`.