An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in tif_dirinfo.c, the structure tif is being dereferenced without first checking that the structure is not empty and has the requested fields (tif_foundfield). In the call sequences following from the affected library functions (TIFFVGetField, TIFFVGetFieldDefaulted, TIFFVStripSize, TIFFScanlineSize, TIFFTileSize, TIFFGetFieldDefaulted, and TIFFGetField), this sanitization of the tif structure is never being done and, hence, using them with an invalid or empty tif structure will trigger a buffer overflow, leading to a crash. References: http://bugzilla.maptools.org/show_bug.cgi?id=2801
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1609402] Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1609404] Affects: fedora-all [bug 1609401]
CVE rejected https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14373
Statement: Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.