CVE-2026-12912 | A flaw was found in libtiff. A remote attacker could exploit… | CVSS 7.3 HIGH

Description

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).

Metadata

CVE ID: CVE-2026-12912
State: PUBLISHED
Assigner: redhat
Reserved: 2026-06-22 15:36 UTC
Published: 2026-06-29 16:31 UTC
Last updated: 2026-06-29 18:13 UTC
Primary CWE: CWE-122
Heap-based Buffer Overflow
Vendor / Product: Red Hat / Red Hat Enterprise Linux 10
Sources: cve.org · NVD

Severity & Metrics

7.3 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (10)

Vendor	Product	Platform	Versions
Red Hat	Red Hat Enterprise Linux 10	—	—
Red Hat	Red Hat Enterprise Linux 6	—	—
Red Hat	Red Hat Enterprise Linux 7	—	—
Red Hat	Red Hat Enterprise Linux 7	—	—
Red Hat	Red Hat Enterprise Linux 8	—	—
Red Hat	Red Hat Enterprise Linux 8	—	—
Red Hat	Red Hat Enterprise Linux 8	—	—
Red Hat	Red Hat Enterprise Linux 9	—	—
Red Hat	Red Hat Hardened Images	—	—
Red Hat	Red Hat Hardened Images	—	—

Weakness (CWE)

CWE	Source	Description
CWE-122	cna	Heap-based Buffer Overflow

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.3	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References (4)