Dmitry V. Levin has reported to vendor-sec an issue with tiffdump. The issue appears to be an integer overflow which could lead to a buffer overflow. There is no patch yet. More work is being done on this issue. I'll post more information when it's available. This issue should also affect RHEL2.1
attachment 109026 [details] contains a demo image file to exploit this issue.
Can we get this update into RHSA-2004:698 This issue is sort of embargoed now. It's not technically private, but it seems vendors may be willing to hold off on updates for a bit. It seems additional work is not being done on this issue.
Created attachment 109325 [details] Proposed patch for this issue.
Build libtiff-3.5.5-19 (RHEL-2.1) and libtiff-3.5.7-22.el3 (RHEL3) and updated RHSA-2005:019 (!)
Lifting embargo.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-019.html