LibTIFF through version 4.0.9 is vulnerable to a NULL pointer dereference in tif_print.c:TIFFPrintDirectory(). An attacker exploit this to cause a denial of service using the tiffinfo command with a crafted TIFF image. This is a different issue to CVE-2017-18013. Upstream Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2778
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1556709]
Analysis: Essentially a null pointer deref in the way tags are handled when printing them from a specially crafted TIFF file.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2051 https://access.redhat.com/errata/RHSA-2019:2051
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:2053