Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 11 Apr 2026 08:26:10 +0000
From:      Daniel Engberg <diizzy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 90b45b864acb - main - security/vuxml: Document (lib)tiff vulnerability
Message-ID:  <69da05a2.3ef4c.5e6ce6f3@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch main has been updated by diizzy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=90b45b864acbfaf6894b5aae894f5efe9d2a3a99

commit 90b45b864acbfaf6894b5aae894f5efe9d2a3a99
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2026-04-11 06:47:03 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2026-04-11 08:26:02 +0000

    security/vuxml: Document (lib)tiff vulnerability
    
    Document CVE-2026-4775
---
 security/vuxml/vuln/2026.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 9b1b7635048b..f581b3e43f8e 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,35 @@
+  <vuln vid="766bb9b5-357f-11f1-98f0-00a098b42aeb">
+    <topic>(lib)tiff -- Integer Overflow or Wraparound</topic>
+    <affects>
+    <package>
+	<name>tiff</name>
+	<range><lt>4.7.1_1</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>PrymEvol and Quang Luong reports:</p>
+	<blockquote cite="https://www.cve.org/CVERecord?id=CVE-2026-4775">;
+	  <p>A flaw was found in the libtiff library.  A remote attacker could
+	     exploit a signed integer overflow vulnerability in the
+	     putcontig8bitYCbCr44tile function by providing a specially crafted
+	     TIFF file.  This flaw can lead to an out-of-bounds heap write due
+	     to incorrect memory pointer calculations, potentially causing a
+	     denial of service (application crash) or arbitrary code execution.
+	  </p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-4775</cvename>
+      <url>https://cveawg.mitre.org/api/cve/CVE-2026-4775</url>;
+    </references>
+    <dates>
+      <discovery>2026-03-24</discovery>
+      <entry>2026-04-11</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="431c2753-3503-11f1-bc6d-3c7c3fba4204">
     <topic>DNSdist -- vulnerabilities</topic>
     <affects>
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69da05a2.3ef4c.5e6ce6f3>