Source: tiff X-Debbugs-CC: [email protected] Severity: important Tags: security
Hi, The following vulnerability was published for tiff. CVE-2026-12912[0]: | A flaw was found in libtiff. A remote attacker could exploit this | vulnerability by providing a specially crafted PixarLog-compressed | TIFF image. This issue occurs when decoding Pixarlog codec images | with the PIXARLOGDATAFMT_8BITABGR output format and a specific | stride value, leading to a heap-based buffer overflow. This could | potentially result in arbitrary code execution or a denial of | service (DoS). https://gitlab.com/libtiff/libtiff/-/work_items/824 https://gitlab.com/libtiff/libtiff/-/merge_requests/873 https://gitlab.com/libtiff/libtiff/-/commit/ba2b04b114c5dd945107ccc613cedfcca3af73bb (v4.7.2rc2) https://gitlab.com/libtiff/libtiff/-/commit/51fa6dfe93f20da0d38f079fbc61c7c960bcbc16 (v4.7.2rc2) https://gitlab.com/libtiff/libtiff/-/work_items/828 https://gitlab.com/libtiff/libtiff/-/merge_requests/883 https://gitlab.com/libtiff/libtiff/-/commit/f9bda11bf2fc819b971517582666d56f18b1bc3f (v4.7.2rc2) https://gitlab.com/libtiff/libtiff/-/commit/90601d9a23382d98f3695ec14441145c37a77574 (v4.7.2rc2) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-12912 https://www.cve.org/CVERecord?id=CVE-2026-12912 Please adjust the affected versions in the BTS as needed.

