oss-sec mailing list archives
[CVE-2026-36849] libtiff: Denial of Service via large SamplesPerPixel tag
From: Ryo utomo <utomoryo395 () gmail com>
Date: Tue, 16 Jun 2026 17:13:49 -0700
Hi, I would like to disclose CVE-2026-36849, a denial of service vulnerability in libtiff. == Summary == An issue in libtiff v4.7.1 allows an attacker to cause a denial of service via a crafted TIFF file containing a large SamplesPerPixel tag value. == Affected Versions == libtiff v4.7.1 and prior == Patch == https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/eedba405d3695b52faae65994c5904f228eca0bf == References == - CVE: CVE-2026-36849 - Issue: https://gitlab.com/libtiff/libtiff/-/work_items/781 Regards, Satriyo Utomo (aleens-lab)
Current thread:
- [CVE-2026-36849] libtiff: Denial of Service via large SamplesPerPixel tag Ryo utomo (Jun 16)
