
libtiff CVE-2026-36849

HIGH
2026-06-17

Severity by source

vuln.today AI
7.5 HIGH

Network-delivered crafted file requires no privileges or user interaction in automated server-side processing; impact is availability-only with no confidentiality or integrity effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Estimated by vuln.today — no official severity rating has been published for this CVE yet.

Lifecycle Timeline

1. Analysis Generated: Jun 17, 2026 - 02:22 (vuln.today)

Description (PRE-NVD)

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis (AI)

A denial-of-service flaw in libtiff v4.7.1 and prior allows a crafted TIFF file containing an abnormally large SamplesPerPixel tag value to crash or hang the process that parses it. Any application or service that passes attacker-controlled TIFF files through libtiff is potentially affected, including web-based image processors, document converters, and media ingestion pipelines. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft TIFF file with oversized SamplesPerPixel tag
Delivery: Deliver file to libtiff-consuming service or user
Exploit: libtiff parses malformed tag without bounds check
Execution: Uncontrolled resource consumption triggered
Persist: Target process crashes or hangs
Impact: Denial of service achieved

Vulnerability Assessment (AI)

Exploitation: The target application must accept and process attacker-supplied TIFF files through libtiff without prior validation of tag field values such as SamplesPerPixel. …

Risk Assessment: No CVSS score or vector was provided by the reporter or NVD, and no CWE is assigned, which limits the precision of this assessment. …

Exploit Scenario: An attacker crafts a minimal TIFF file in which the SamplesPerPixel tag is set to an extremely large integer value and submits it to a web service or API endpoint that processes TIFF images using libtiff. When the service automatically decodes the file, libtiff consumes excessive memory or enters an abnormal processing loop, causing the worker process to crash or become unresponsive and denying service to legitimate users. …

Remediation: The primary remediation is to apply the upstream fix commit eedba405d3695b52faae65994c5904f228eca0bf, available via the libtiff GitLab omnibus mirror. …
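One way to implement the pre-validation the Exploitation section calls for, as an added example that is not part of this page or of libtiff: a small Python gate that walks the IFD chain of a classic TIFF, reads SamplesPerPixel (tag 277), and rejects files whose value is out of range or whose structure is malformed before the bytes ever reach a libtiff-backed decoder. The bound MAX_SAMPLES_PER_PIXEL and the build_tiff sample-file helper are assumptions of this example, not limits or code taken from libtiff.

```python
import struct
from typing import Optional

# Tag number of SamplesPerPixel in the TIFF 6.0 specification.
TAG_SAMPLES_PER_PIXEL = 277
# Upper bound used by this validator. It is an assumption for this example,
# not a limit taken from libtiff; real images use small values (1, 3, 4, ...).
MAX_SAMPLES_PER_PIXEL = 64


def samples_per_pixel(data: bytes) -> Optional[int]:
    """Walk the IFD chain of a classic (non-Big) TIFF and return the
    SamplesPerPixel value, or None if the tag is absent.
    Raises ValueError on any structural problem."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF header")
    order = "<" if data[:2] == b"II" else ">"
    magic, ifd_offset = struct.unpack(order + "HI", data[2:8])
    if magic != 42:
        raise ValueError("unsupported TIFF magic %d" % magic)
    seen = set()
    while ifd_offset:
        # Guard against cyclic IFD chains and offsets outside the file.
        if ifd_offset in seen or ifd_offset + 2 > len(data):
            raise ValueError("bad IFD offset %d" % ifd_offset)
        seen.add(ifd_offset)
        (count,) = struct.unpack_from(order + "H", data, ifd_offset)
        entries = ifd_offset + 2
        if entries + 12 * count + 4 > len(data):
            raise ValueError("truncated IFD")
        for i in range(count):
            tag, ftype, n, raw = struct.unpack_from(order + "HHI4s", data, entries + 12 * i)
            if tag != TAG_SAMPLES_PER_PIXEL:
                continue
            # SamplesPerPixel is a single SHORT (type 3); a value that fits in
            # 4 bytes is stored inline, left-justified in the file's byte order.
            if ftype == 3 and n == 1:
                return struct.unpack(order + "H", raw[:2])[0]
            if ftype == 4 and n == 1:
                return struct.unpack(order + "I", raw)[0]
            raise ValueError("SamplesPerPixel has unexpected type/count %d/%d" % (ftype, n))
        (ifd_offset,) = struct.unpack_from(order + "I", data, entries + 12 * count)
    return None


def is_safe_tiff(data: bytes) -> bool:
    """True only if the file parses and SamplesPerPixel is absent or within bounds."""
    try:
        spp = samples_per_pixel(data)
    except ValueError:
        return False
    return spp is None or 1 <= spp <= MAX_SAMPLES_PER_PIXEL


def build_tiff(spp: int, order: str = "<") -> bytes:
    """Constructed minimal single-IFD TIFF used as sample input (not a real image)."""
    pre = b"II" if order == "<" else b"MM"
    entry = struct.pack(order + "HHI", TAG_SAMPLES_PER_PIXEL, 3, 1) + struct.pack(order + "H", spp) + b"\0\0"
    return pre + struct.pack(order + "HI", 42, 8) + struct.pack(order + "H", 1) + entry + struct.pack(order + "I", 0)
```

Run is_safe_tiff on uploads before handing them to any libtiff-backed decoder; it is a cheap structural gate, not a replacement for the upstream patch.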

Recommended Action (AI)

Within 24 hours: Audit inventory of systems running libtiff ≤4.7.1 and map TIFF processing workflows; classify as business-critical or non-critical. …
