Source: tiff
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for tiff.

CVE-2026-12912[0]:
| A flaw was found in libtiff. A remote attacker could exploit this
| vulnerability by providing a specially crafted PixarLog-compressed
| TIFF image. This issue occurs when decoding Pixarlog codec images
| with the PIXARLOGDATAFMT_8BITABGR output format and a specific
| stride value, leading to a heap-based buffer overflow. This could
| potentially result in arbitrary code execution or a denial of
| service (DoS).

https://gitlab.com/libtiff/libtiff/-/work_items/824
https://gitlab.com/libtiff/libtiff/-/merge_requests/873
https://gitlab.com/libtiff/libtiff/-/commit/ba2b04b114c5dd945107ccc613cedfcca3af73bb
 (v4.7.2rc2)
https://gitlab.com/libtiff/libtiff/-/commit/51fa6dfe93f20da0d38f079fbc61c7c960bcbc16
 (v4.7.2rc2)

https://gitlab.com/libtiff/libtiff/-/work_items/828
https://gitlab.com/libtiff/libtiff/-/merge_requests/883
https://gitlab.com/libtiff/libtiff/-/commit/f9bda11bf2fc819b971517582666d56f18b1bc3f
 (v4.7.2rc2)
https://gitlab.com/libtiff/libtiff/-/commit/90601d9a23382d98f3695ec14441145c37a77574
 (v4.7.2rc2)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-12912
    https://www.cve.org/CVERecord?id=CVE-2026-12912

Please adjust the affected versions in the BTS as needed.

Reply via email to