Red Hat Bugzilla – Bug 1474356
CVE-2017-11335 libtiff: Heap-based buffer overflow in tiff2pdf
Last modified: 2017-07-28 09:29:42 EDT
There is a heap-based buffer overflow in tools/tiff2pdf.c of LibTIFF
4.0.8 via a PlanarConfig=Contig image, which causes an out-of-bounds
write of more than one hundred bytes (related to the ZIPDecode function in
tif_zip.c). A crafted input may lead to a remote denial-of-service
attack or an arbitrary code execution attack.
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1474373]
Created mingw-libtiff tracking bugs for this issue:
Affects: epel-7 [bug 1474372]
Affects: fedora-all [bug 1474374]
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.