An out-of-bounds heap read was found in _TIFFPrintField() caused by improper null termination.

Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2590

CVE assignment: http://seclists.org/oss-sec/2016/q4/421
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1395166]
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 1395167]
Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1395266]
Hi, I think the CVE in the alias is a typo? Should that be CVE-2016-9297?
Thanks Salvatore, you are correct. Bug 1395264 is the correct ticket for CVE-2016-9297, this one is a duplicate/misfire. I will close it as such, but first need to investigate how some of our tools are responding to this inconsistency.
*** This bug has been marked as a duplicate of bug 1395264 ***