A flaw was found in LibTIFF 4.0.9, there is a Use-After-Free(UAF)in the t2p_writeproc function in tools/tiff2pdf.c. An attacker could exploit this via crafted TIFF file to cause a denial of service or possibly have unspecified other impact. References: https://bugzilla.redhat.com/show_bug.cgi?id=1562824
*** Bug 1562824 has been marked as a duplicate of this bug. ***
Looks to have very low impact. Reported upstream, no acknowledgement from upstream as of yet. Guessing it slipped past the radar or they judged it very low priority. Interestingly, doesn't appear to affect Fedora 28, so unclear if it was stealth patched accidentally fixed via refactoring.
Upstream Bug Report: http://bugzilla.maptools.org/show_bug.cgi?id=2796
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1630031] Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1630030] Affects: fedora-all [bug 1630032]