A Segment fault (SEGV) problem was found in libtiff that could be triggered by passing a craft tiff file to TIFFReadRGBATileExt() API. In this flaw a remote attackers could cause a Heap-buffer-overflow problem leading to a denial of service. Reference: https://gitlab.com/libtiff/libtiff/-/issues/622 Fixed at: https://gitlab.com/libtiff/libtiff/-/merge_requests/546
*** Bug 2250332 has been marked as a duplicate of this bug. ***
*** Bug 2250319 has been marked as a duplicate of this bug. ***
Created iv tracking bugs for this issue: Affects: fedora-all [bug 2260111] Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 2260112] Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 2260110] Created tkimg tracking bugs for this issue: Affects: fedora-all [bug 2260113]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5079 https://access.redhat.com/errata/RHSA-2024:5079