CVE-2026-46602
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.
Risk Assessment
An attacker can supply a specially crafted TIFF image that, when processed, exhausts available system memory, leading to a denial of service (DoS).
Recommendation
Update the TIFF decoding library to the latest version that introduces a tile size limit. If an update is not available, restrict processing of TIFF images from untrusted sources.
Original NVD description (English source)
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

