Hi,

I would like to disclose CVE-2026-36849, a denial of service vulnerability
in libtiff.

== Summary ==

An issue in libtiff v4.7.1 allows an attacker to cause a denial of service
via a crafted TIFF file containing a large SamplesPerPixel tag value.

== Affected Versions ==

libtiff v4.7.1 and prior

== Patch ==

https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/eedba405d3695b52faae65994c5904f228eca0bf

== References ==

- CVE: CVE-2026-36849
- Issue: https://gitlab.com/libtiff/libtiff/-/work_items/781

Regards,
Satriyo Utomo
(aleens-lab)
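
A pre-screening check for the condition described in the Summary, added here as an example (it is not code from libtiff or from the reporter): it walks the IFD chain of a classic TIFF and reports any SamplesPerPixel value above a local limit. MAX_SAMPLES, the function names and the sample input are assumptions made for the example; BigTIFF and SubIFDs are not handled.

```python
import struct

SAMPLES_PER_PIXEL = 277  # TIFF 6.0 tag number for SamplesPerPixel
MAX_SAMPLES = 8          # assumed local policy limit, not a value from the advisory

def samples_per_pixel_values(data, max_ifds=64):
    """Return the SamplesPerPixel value of each IFD in a classic TIFF."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None or len(data) < 8:
        raise ValueError("not a TIFF file")
    magic, offset = struct.unpack_from(order + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF (BigTIFF is not handled here)")
    values, seen = [], set()
    while offset and offset not in seen and len(seen) < max_ifds:
        seen.add(offset)  # guards against IFD chains that loop
        if offset + 2 > len(data):
            raise ValueError("IFD offset outside file")
        (count,) = struct.unpack_from(order + "H", data, offset)
        end = offset + 2 + count * 12
        if end + 4 > len(data):
            raise ValueError("truncated IFD")
        spp = 1  # TIFF default when the tag is absent
        for pos in range(offset + 2, end, 12):
            tag, typ, n = struct.unpack_from(order + "HHI", data, pos)
            if tag != SAMPLES_PER_PIXEL:
                continue
            if n != 1 or typ not in (3, 4):  # expect one SHORT or LONG
                raise ValueError("malformed SamplesPerPixel entry")
            fmt = order + ("H" if typ == 3 else "I")
            (spp,) = struct.unpack_from(fmt, data, pos + 8)
        values.append(spp)
        (offset,) = struct.unpack_from(order + "I", data, end)
    return values

def exceeds_limit(data, limit=MAX_SAMPLES):
    """True if any IFD declares more samples per pixel than the policy allows."""
    return any(v > limit for v in samples_per_pixel_values(data))

def build_sample(spp):
    """Constructed test input: header plus one IFD holding only SamplesPerPixel."""
    entry = struct.pack("<HHIHH", SAMPLES_PER_PIXEL, 3, 1, spp, 0)
    header = struct.pack("<2sHI", b"II", 42, 8)
    return header + struct.pack("<H", 1) + entry + struct.pack("<I", 0)

if __name__ == "__main__":
    for spp in (3, 65535):
        print(spp, exceeds_limit(build_sample(spp)))
```

A file that raises ValueError should be treated as rejected rather than passed on to the decoder.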
