Skip to main content

Red Hat Enterprise Linux 10 CVE-2026-4775

| EUVDEUVD-2026-14901 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-03-24 redhat
7.8
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
7.8 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 17, 2026 - 17:22 vuln.today
cvss_changed
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 24, 2026 - 15:15 euvd
EUVD-2026-14901
Analysis Generated
Mar 24, 2026 - 15:15 vuln.today
CVE Published
Mar 24, 2026 - 14:42 nvd
HIGH 7.8

DescriptionCVE.org

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

AnalysisAI

A signed integer overflow vulnerability exists in the libtiff library's putcontig8bitYCbCr44tile function that leads to out-of-bounds heap writes through incorrect memory pointer calculations. Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10 are confirmed affected. An attacker can exploit this by tricking a user into opening a specially crafted TIFF file, potentially achieving arbitrary code execution or causing application crashes.

Technical ContextAI

The vulnerability affects the libtiff library, a widely-used open-source library for reading and writing Tagged Image File Format (TIFF) files. The flaw resides in the putcontig8bitYCbCr44tile function, which handles YCbCr color space conversion for tiled TIFF images. This is a CWE-190 (Integer Overflow or Wraparound) vulnerability where signed integer arithmetic can overflow during tile processing, causing memory pointer calculations to produce incorrect addresses. When these miscalculated pointers are used for heap writes, they can write data beyond allocated buffer boundaries. Affected products confirmed via CPE data include Red Hat Enterprise Linux 6, 7, 8, 9, and 10 distributions that bundle the vulnerable libtiff library.

RemediationAI

Apply security updates for libtiff as provided by Red Hat for the affected Enterprise Linux versions by monitoring the Red Hat Security Advisory at https://access.redhat.com/security/cve/CVE-2026-4775 and following vendor patch guidance. Until patches can be deployed, implement defense-in-depth measures including restricting TIFF file processing to trusted sources only, running applications that handle TIFF files with reduced privileges or in sandboxed environments, and deploying file validation or sanitization at ingress points. Organizations should prioritize patching systems that automatically process TIFF files from untrusted sources or internet-facing applications that accept image uploads. Review the Red Hat Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2450768 for specific patch availability timelines and version details.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5674 HIGH
8.8 Jul 16

Sandbox escape in PipeWire's PulseAudio compatibility layer lets a low-privileged process inside a confined environment

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

Vendor StatusVendor

Debian

tiff
Release Status Fixed Version Urgency
bullseye vulnerable 4.2.0-1+deb11u5 -
bullseye (security) vulnerable 4.2.0-1+deb11u7 -
bookworm, bookworm (security) vulnerable 4.5.0-6+deb12u3 -
trixie (security), trixie vulnerable 4.7.0-3+deb13u1 -
forky, sid vulnerable 4.7.1-1 -
(unstable) fixed (unfixed) -

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed
SUSE Linux Enterprise Micro 5.4 Fixed

Share

CVE-2026-4775 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy