Red Hat Product Errata
RHSA-2026:19659 - Security Advisory

Issued: 2026-05-20
Updated: 2026-05-20

Synopsis
Important: libtiff security update

Type/Severity
Security Advisory: Important

Topic
An update for libtiff is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):
libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes
BZ - 2450768 - CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

CVEs
CVE-2026-4775

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
libtiff-4.0.9-18.el8_4.2.src.rpm

x86_64
libtiff-4.0.9-18.el8_4.2.i686.rpm
libtiff-4.0.9-18.el8_4.2.x86_64.rpm
libtiff-debuginfo-4.0.9-18.el8_4.2.i686.rpm
libtiff-debuginfo-4.0.9-18.el8_4.2.x86_64.rpm
libtiff-debugsource-4.0.9-18.el8_4.2.i686.rpm
libtiff-debugsource-4.0.9-18.el8_4.2.x86_64.rpm
libtiff-devel-4.0.9-18.el8_4.2.i686.rpm
libtiff-devel-4.0.9-18.el8_4.2.x86_64.rpm
libtiff-tools-debuginfo-4.0.9-18.el8_4.2.i686.rpm
libtiff-tools-debuginfo-4.0.9-18.el8_4.2.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
libtiff-4.0.9-18.el8_4.2.src.rpm

x86_64
libtiff-4.0.9-18.el8_4.2.i686.rpm
libtiff-4.0.9-18.el8_4.2.x86_64.rpm
libtiff-debuginfo-4.0.9-18.el8_4.2.i686.rpm
libtiff-debuginfo-4.0.9-18.el8_4.2.x86_64.rpm
libtiff-debugsource-4.0.9-18.el8_4.2.i686.rpm
libtiff-debugsource-4.0.9-18.el8_4.2.x86_64.rpm
libtiff-devel-4.0.9-18.el8_4.2.i686.rpm
libtiff-devel-4.0.9-18.el8_4.2.x86_64.rpm
libtiff-tools-debuginfo-4.0.9-18.el8_4.2.i686.rpm
libtiff-tools-debuginfo-4.0.9-18.el8_4.2.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

A signed integer overflow vulnerability in libtiff (CVE-2026-4775, CVSS 7.8 HIGH) allows arbitrary code execution or denial of service when a specially crafted TIFF file is processed. The vulnerability affects libtiff versions up to and including those shipped with Red Hat Enterprise Linux 6.0 and 7.0, as well as Debian Linux 11.0. Red Hat has released patched packages, such as libtiff-4.0.9-18.el8_4.2 for RHEL 8.4, to remediate the issue.