Skip to main content

libtiff CVE-2026-12912

| EUVDEUVD-2026-40151 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-29 secalert@redhat.com GHSA-cg4c-j43f-qcg7
7.3
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.3 HIGH
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.0 HIGH

Local file-parsing bug needing victim interaction (UI:R) plus a non-default 8BITABGR output format and specific stride (AC:H); no target privileges needed (PR:N), with full memory-corruption impact.

3.1 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
HIGH
qualitative
Red Hat
7.3 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 29, 2026 - 17:31 vuln.today

DescriptionCVE.org

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).

AnalysisAI

Heap-based buffer overflow in libtiff's PixarLog codec decoder lets attackers crash or potentially execute code in any application that decodes a maliciously crafted PixarLog-compressed TIFF using the PIXARLOGDATAFMT_8BITABGR output format with a specific stride value. Any software linking libtiff for TIFF decoding is exposed, with impact ranging from denial of service to potential arbitrary code execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious PixarLog TIFF
Delivery
Deliver via email/upload/share
Exploit
Victim app decodes with 8BITABGR + bad stride
Execution
Heap buffer overflow in PixarLog decoder
Impact
Crash or arbitrary code execution

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim's application to decode a PixarLog (codec) compressed TIFF using the PIXARLOGDATAFMT_8BITABGR output format together with a specific stride value - these are the exact preconditions named in the description; applications that do not request 8BITABGR output or do not process PixarLog images are not on the vulnerable path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are mixed and should temper the headline CVSS 7.3 (High). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a PixarLog-compressed TIFF that triggers the heap overflow and delivers it via email, a web upload/preview pipeline, or a shared document; when a victim or automated service opens it with an application that decodes via the 8BITABGR output format and the vulnerable stride, the overflow corrupts the heap, causing a crash (DoS) or potentially attacker-controlled code execution. Given AV:L/UI:R, success depends on the victim actually processing the file rather than on a remote network probe, and no public POC is currently known.
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - apply the upstream correction tracked in GitLab merge request https://gitlab.com/libtiff/libtiff/-/merge_requests/873 and rebuild/redeploy libtiff, or install the patched package from your OS vendor once published (track Red Hat at https://access.redhat.com/security/cve/CVE-2026-12912 and Bugzilla 2492871 for the exact errata version). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all applications and systems using libtiff; disable TIFF file upload/processing capabilities where operationally feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected

Share

CVE-2026-12912 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy