CVE Catalog

CVE-2026-12912

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

A vulnerability in the libtiff library allows a remote attacker to execute arbitrary code or cause a denial of service (DoS) by providing a specially crafted TIFF image compressed with the PixarLog codec. The issue occurs when decoding PixarLog images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow.

Risk Assessment

An attacker can remotely take control of the system or cause a crash, threatening the confidentiality, integrity, and availability of organizational data.

Recommendation

Immediately update the libtiff library to the latest version containing the security fix. Until the update is applied, avoid processing TIFF images with PixarLog compression from untrusted sources.

Original NVD description (English source)

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS