An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. Upstream issue: http://bugzilla.maptools.org/show_bug.cgi?id=2807 Upstream patch: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1631079] Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1631082] Affects: fedora-all [bug 1631080]
Out of bounds write, seems non-exploitable, so mostly crash only.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:2053
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-17101