Updated: 2026-03-05 01:03:45.438462
Description:
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libtiff | 4.4.0 | 7.5 | HIGH | Released | CLSA-2025:1745531344 | 2025-04-26 03:59:35 | |
| CentOS 7 ELS | libtiff | 4.0.3 | 7.5 | HIGH | Released | CLSA-2024:1722529534 | 2024-08-15 03:45:02 | |
| TuxCare 9.6 ESU | libtiff | 4.4.0 | 7.5 | HIGH | Released | CLSA-2025:1765546516 | 2025-12-12 16:24:54 |