CVE-2026-12912
Published: 29 June 2026
Summary
CVE-2026-12912 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in Red Hat (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-40151
Vulnerability details
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding PixarLog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Heap buffer overflow in libtiff image decoder enables RCE via crafted TIFF file, directly facilitating T1190 (public app exploitation) and T1204.002 (malicious file).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.