Updated: 2026-02-27 02:19:55.949369
Description:
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 6.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libtiff | 4.4.0 | 6.5 | MEDIUM | Released | CLSA-2025:1745531344 | 2025-04-26 03:59:32 | |
| CentOS 7 ELS | libtiff | 4.0.3 | 6.5 | MEDIUM | Ignored | 2024-07-02 11:10:28 | Ignored due to low severity |