CVE Catalog

CVE-2026-46602

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

Risk Assessment

An attacker can supply a specially crafted TIFF image that, when processed, exhausts available system memory, leading to a denial of service (DoS).

Recommendation

Update the TIFF decoding library to the latest version that introduces a tile size limit. If an update is not available, restrict processing of TIFF images from untrusted sources.

Original NVD description (English source)

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS